amadey | 12e64c2bcbea2f0fc18790672c9b361756a51f04fd369566822d46e58c3bc0a0 | Triage

Sharing

General

Target

1680-3-0x0000000000220000-0x00000000006BF000-memory.dmp
Size

4.6MB
Sample

241226-xqsswsvngw
MD5

ff580328a0747dea7a7f37e8a7e7c37a
SHA1

3ee4fa2dea091e200006ffae7dc1cb3c91d102db
SHA256

12e64c2bcbea2f0fc18790672c9b361756a51f04fd369566822d46e58c3bc0a0
SHA512

cbc8c2b301942c371bc8f8daa5a0eb562fe19ea9c19271f2917e32f8077de210590d324f1334dad57f39af267d92503e90f088c45faca65a3321ef619fecb839
SSDEEP

49152:BnEWvSxXn/zT8F73JuWy86ZvQaDf7Ek/ICer9/vgBt+TJqUYvZ2P:SWvSxXn/zT8VJuWy3Zj77EcIFr8+f

Score

10^/10

amadey fed3aa trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Targets

- Target
  
  1680-3-0x0000000000220000-0x00000000006BF000-memory.dmp
- Size
  
  4.6MB
- MD5
  
  ff580328a0747dea7a7f37e8a7e7c37a
- SHA1
  
  3ee4fa2dea091e200006ffae7dc1cb3c91d102db
- SHA256
  
  12e64c2bcbea2f0fc18790672c9b361756a51f04fd369566822d46e58c3bc0a0
- SHA512
  
  cbc8c2b301942c371bc8f8daa5a0eb562fe19ea9c19271f2917e32f8077de210590d324f1334dad57f39af267d92503e90f088c45faca65a3321ef619fecb839
- SSDEEP
  
  49152:BnEWvSxXn/zT8F73JuWy86ZvQaDf7Ek/ICer9/vgBt+TJqUYvZ2P:SWvSxXn/zT8VJuWy3Zj77EcIFr8+f
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2