amadey | fe4985cc75d00384cf4030b80f7f41eab3f3788ef9144b53f4ea52150f5f8187 | Triage

Sharing

General

Target

JaffaCakes118_fe4985cc75d00384cf4030b80f7f41eab3f3788ef9144b53f4ea52150f5f8187
Size

378KB
Sample

241222-a1qpyswngn
MD5

158f8d3f2c3cdca8900dea5585e2004a
SHA1

1eb6953b90c6d8ec509c949585f000438990bcac
SHA256

fe4985cc75d00384cf4030b80f7f41eab3f3788ef9144b53f4ea52150f5f8187
SHA512

320bed7dfd234a8e71fcd7848003193d2920acfa5f726329576f8f70f7c9226f4f9e80357480de6f940731804852402a72d97fb457ad917aebde32b42ee681f5
SSDEEP

6144:V93Roih6E2l8sEmRMixefsmk8VRuzbgwuO0Q7ITsqGrnH3XEHwVfu:V9BoihHo8sEy/cfsmdunnwQ7zH

Score

10^/10

amadey d00855 discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.08

Botnet

d00855

C2

http://179.43.154.147

Attributes

install_dir
9d5cca72fb
install_file
ftewk.exe
strings_key
9defde16baecb416084964a9b667f06e
url_paths
/d2VxjasuwS/index.php

rc4.plain

Targets

- Target
  
  JaffaCakes118_fe4985cc75d00384cf4030b80f7f41eab3f3788ef9144b53f4ea52150f5f8187
- Size
  
  378KB
- MD5
  
  158f8d3f2c3cdca8900dea5585e2004a
- SHA1
  
  1eb6953b90c6d8ec509c949585f000438990bcac
- SHA256
  
  fe4985cc75d00384cf4030b80f7f41eab3f3788ef9144b53f4ea52150f5f8187
- SHA512
  
  320bed7dfd234a8e71fcd7848003193d2920acfa5f726329576f8f70f7c9226f4f9e80357480de6f940731804852402a72d97fb457ad917aebde32b42ee681f5
- SSDEEP
  
  6144:V93Roih6E2l8sEmRMixefsmk8VRuzbgwuO0Q7ITsqGrnH3XEHwVfu:V9BoihHo8sEy/cfsmdunnwQ7zH
Score

10^/10

amadey d00855 discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyd00855discoverytrojan

behavioral2

amadeyd00855discoverytrojan