amadey

General

Target

1dc6af93e4c02db3d98e4fdbe10e638d4a88685ef79345d12c1424aaeadf0482.exe
Size

1.2MB
Sample

241217-cqqy3sxlfw
MD5

a6410cca2ceacc80095a22fdc0f936ba
SHA1

d680defe60f055c02ec48f83a76a826969d50e0e
SHA256

1dc6af93e4c02db3d98e4fdbe10e638d4a88685ef79345d12c1424aaeadf0482
SHA512

0ed1237e80aba1321503de746aff9e6672376f85461ccee463a5454ab3e8b2a2092e098002a761c1ca1f12c91e23baed90deb3d8071be48fd46cfdd784567797
SSDEEP

24576:X5GJSGdYXqbG7BRwqGHYj7yeqCLi9/Ir6U1cMTOx4fu40gxUm:X5GhdUNDmYj7nqM0/IHj24r0gxU

Score

10^/10

Malware Config

Extracted

Family

amadey

Version

5.04

Botnet

b44aeb

Attributes

install_dir
7725ce688f
install_file
Gxtuum.exe
strings_key
8bf9b3f72bb53c678e0173edf42df1ae
url_paths
/3ofn3jf3e2ljk/index.php

rc4.plain

Targets

- Target
  
  1dc6af93e4c02db3d98e4fdbe10e638d4a88685ef79345d12c1424aaeadf0482.exe
- Size
  
  1.2MB
- MD5
  
  a6410cca2ceacc80095a22fdc0f936ba
- SHA1
  
  d680defe60f055c02ec48f83a76a826969d50e0e
- SHA256
  
  1dc6af93e4c02db3d98e4fdbe10e638d4a88685ef79345d12c1424aaeadf0482
- SHA512
  
  0ed1237e80aba1321503de746aff9e6672376f85461ccee463a5454ab3e8b2a2092e098002a761c1ca1f12c91e23baed90deb3d8071be48fd46cfdd784567797
- SSDEEP
  
  24576:X5GJSGdYXqbG7BRwqGHYj7yeqCLi9/Ir6U1cMTOx4fu40gxUm:X5GhdUNDmYj7nqM0/IHj24r0gxU
Score

10^/10

discovery amadey b44aeb trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Amadey family

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Drops startup file

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2