amadey | c9409dcdd35f34531c3a7e692b46be9ec74efc25d0cb8c322a099adfb95055ee | Triage

Sharing

General

Target

JaffaCakes118_c9409dcdd35f34531c3a7e692b46be9ec74efc25d0cb8c322a099adfb95055ee
Size

383KB
Sample

241227-dagk5szqev
MD5

4c1c1353d9ba6ccbb2c14f31b77c7a78
SHA1

6bdfd8cdebd9455c4e8dec17d992764865b52c56
SHA256

c9409dcdd35f34531c3a7e692b46be9ec74efc25d0cb8c322a099adfb95055ee
SHA512

fef17d2dd8e96cf7abff922e8be0ddcc7ca2cb736aed76325b8e03b71eb22fd3f53551dca4cb83e272fbc4b85fb12796e118aa206a6ae36c3d49846f63844177
SSDEEP

6144:++E1M63eDwShxpZWqipaOkBI2KbQBL3XjpuzbgwuO0RikwVfT:1Ei63eDwQX7ipaJB1GcL3tunnwR

Score

10^/10

amadey d00855 discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.08

Botnet

d00855

C2

http://179.43.154.147

Attributes

install_dir
9d5cca72fb
install_file
ftewk.exe
strings_key
9defde16baecb416084964a9b667f06e
url_paths
/d2VxjasuwS/index.php

rc4.plain

Targets

- Target
  
  JaffaCakes118_c9409dcdd35f34531c3a7e692b46be9ec74efc25d0cb8c322a099adfb95055ee
- Size
  
  383KB
- MD5
  
  4c1c1353d9ba6ccbb2c14f31b77c7a78
- SHA1
  
  6bdfd8cdebd9455c4e8dec17d992764865b52c56
- SHA256
  
  c9409dcdd35f34531c3a7e692b46be9ec74efc25d0cb8c322a099adfb95055ee
- SHA512
  
  fef17d2dd8e96cf7abff922e8be0ddcc7ca2cb736aed76325b8e03b71eb22fd3f53551dca4cb83e272fbc4b85fb12796e118aa206a6ae36c3d49846f63844177
- SSDEEP
  
  6144:++E1M63eDwShxpZWqipaOkBI2KbQBL3XjpuzbgwuO0RikwVfT:1Ei63eDwQX7ipaJB1GcL3tunnwR
Score

10^/10

amadey d00855 discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyd00855discoverytrojan

behavioral2

amadeyd00855discoverytrojan