amadey | 12098f58a14930c5c13a127c8b7bdd20786884fe053ff35689a72bec153f4915 | Triage

Sharing

General

Target

840-3-0x0000000000040000-0x00000000004E3000-memory.dmp
Size

4.6MB
Sample

241227-e78xbs1rdt
MD5

8678489054c3284ad0dd4f3dbe85da85
SHA1

c45b65dc08b37d4afa596f215de3515960c9014f
SHA256

12098f58a14930c5c13a127c8b7bdd20786884fe053ff35689a72bec153f4915
SHA512

9005067fc1bede8a57e0a17a604267a2a4ffd67614dbfaa27d029d93ca79f95035a4a5093ed1320836a5de615eff46c91f336fdddbb743bf498061353c0a9396
SSDEEP

98304:qYxYnGvmBN1LDzCgAeQNfWocFNasOgxE2+rqtCZq:qLzAeQNW0dgxE2Peq

Score

10^/10

amadey fed3aa trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Targets

- Target
  
  840-3-0x0000000000040000-0x00000000004E3000-memory.dmp
- Size
  
  4.6MB
- MD5
  
  8678489054c3284ad0dd4f3dbe85da85
- SHA1
  
  c45b65dc08b37d4afa596f215de3515960c9014f
- SHA256
  
  12098f58a14930c5c13a127c8b7bdd20786884fe053ff35689a72bec153f4915
- SHA512
  
  9005067fc1bede8a57e0a17a604267a2a4ffd67614dbfaa27d029d93ca79f95035a4a5093ed1320836a5de615eff46c91f336fdddbb743bf498061353c0a9396
- SSDEEP
  
  98304:qYxYnGvmBN1LDzCgAeQNfWocFNasOgxE2+rqtCZq:qLzAeQNW0dgxE2Peq
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2