amadey | ac4345332d24b048fc1b99301435e7dc5c78d5561ac9bd0c512cad1cc47080b1 | Triage

Sharing

General

Target

34156c23ded10df5fbb61511b968e6cd.exe
Size

12.1MB
Sample

241216-rxz8naspft
MD5

34156c23ded10df5fbb61511b968e6cd
SHA1

17271001393b53ff7d605a8925086d68101a0f15
SHA256

ac4345332d24b048fc1b99301435e7dc5c78d5561ac9bd0c512cad1cc47080b1
SHA512

160b10205c5e0bc888ec337e700c928a3880c897775e7278ec84e9b9279e058394661f9cdbfc42947b36e84c37910b98dcc54ec5d84cebad33914b8909bccf9f
SSDEEP

393216:lvQ5wyLqi68Ko/AhbRu074MQIEZjBv2ZbC+p:lo5PLBAh40kJjUZbCS

Score

10^/10

amadey 3b4498 discovery trojan

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

3b4498

C2

http://gardenhub-fitlife.com

http://gardenhub-fitlife2.com

http://gardenhub-fitlife3.com

Attributes

strings_key
8ebb4a20053589d32f9b9ccd6234230f
url_paths
/g9jvjfd73/index.php

/g9jvjfd74/index.php

/8bkjdSdfjCe/index.php

rc4.plain

Targets

- Target
  
  34156c23ded10df5fbb61511b968e6cd.exe
- Size
  
  12.1MB
- MD5
  
  34156c23ded10df5fbb61511b968e6cd
- SHA1
  
  17271001393b53ff7d605a8925086d68101a0f15
- SHA256
  
  ac4345332d24b048fc1b99301435e7dc5c78d5561ac9bd0c512cad1cc47080b1
- SHA512
  
  160b10205c5e0bc888ec337e700c928a3880c897775e7278ec84e9b9279e058394661f9cdbfc42947b36e84c37910b98dcc54ec5d84cebad33914b8909bccf9f
- SSDEEP
  
  393216:lvQ5wyLqi68Ko/AhbRu074MQIEZjBv2ZbC+p:lo5PLBAh40kJjUZbCS
Score

10^/10

amadey 3b4498 discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey3b4498discoverytrojan

behavioral2

amadey3b4498discoverytrojan