amadey | 6bdbc9a9e03c2e202acbf0a88eb378262b128c9d9a2d43f864f3f0b9479e8ca7 | Triage

Sharing

General

Target

JaffaCakes118_6bdbc9a9e03c2e202acbf0a88eb378262b128c9d9a2d43f864f3f0b9479e8ca7
Size

174KB
Sample

241226-wwn68atrbn
MD5

8fe412258308eb22a44ab1c222db6167
SHA1

61a49a5c209d452ca9984f8c6ff9753040a68884
SHA256

6bdbc9a9e03c2e202acbf0a88eb378262b128c9d9a2d43f864f3f0b9479e8ca7
SHA512

fce62e86c1820540a79e01b6b2a8740f16662bede1084a3e556470a3f37ac1c9103241d8656e20a66b0f0bafeeccd3f6d64d63e587501989ecded49b5707f603
SSDEEP

3072:6KNknd/+JEgka+lIrJvS5rLQryNllJfJuuW6QfrRvUAq/U1BQuhSTFLwYx9TBYXq:6qkndTg6urWagJa6QfI/UDL6FLwu87hk

Score

10^/10

amadey 0237fa discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.50

Botnet

0237fa

C2

http://193.56.146.194

Attributes

install_dir
50c1695437
install_file
rovwer.exe
strings_key
b6d412dd2efdf33d84e939e52040748f
url_paths
/h49vlBP/index.php

rc4.plain

Targets

- Target
  
  1858dd5e996c40a7e75c2c118262917bc9dc7e779e55de52579cd06b40559ddc.exe
- Size
  
  231KB
- MD5
  
  d2d53693ba630167f3d1689defd2277a
- SHA1
  
  e652a4df2934ef3187d7e62450b732ba9d35fdf6
- SHA256
  
  1858dd5e996c40a7e75c2c118262917bc9dc7e779e55de52579cd06b40559ddc
- SHA512
  
  bb015c508c2462fd2c563893961fa598ffe7b1c67bc587d013b1681fd5d77e8253995e08f9cdf34c0a21ea1e238f5c5091c20ac979c5c95e704728b16913d413
- SSDEEP
  
  6144:AWgLu75uLPm/xUzXpxpbcpLFWS/nU8VIfsLknImS9:AWgiFgPm/xUNx4LNs8afk3X
Score

10^/10

amadey 0237fa discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey0237fadiscoverytrojan

behavioral2

amadey0237fadiscoverytrojan