amadey | 658b58a87263e476bb0c37fdc9e0e92d2118af0b6a66b6b6e587af7b93853c33 | Triage

Sharing

General

Target

1620-3-0x0000000000280000-0x0000000000744000-memory.dmp
Size

4.8MB
Sample

241227-fmphmasjez
MD5

9ab4aab0a9735b5fce4a80e65e6112ab
SHA1

1db4f6dacf3f4586427786eb5c7cfd67c9ba50ef
SHA256

658b58a87263e476bb0c37fdc9e0e92d2118af0b6a66b6b6e587af7b93853c33
SHA512

36ec7537ccef9babaf5a4ca51d067e0728f5dda7c0fbbf9e5e330b4e839084d797289387bcfc73cff43cb7a02d10e3deb7b89de8ce179e4813ac0b16d9342439
SSDEEP

98304:lShOCjQzvt/EU+y8n/oDxraFloo1CQIEWpnMFkKBNiw7S70:lL/9IlzG4GcNiX7

Score

10^/10

amadey fed3aa trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Targets

- Target
  
  1620-3-0x0000000000280000-0x0000000000744000-memory.dmp
- Size
  
  4.8MB
- MD5
  
  9ab4aab0a9735b5fce4a80e65e6112ab
- SHA1
  
  1db4f6dacf3f4586427786eb5c7cfd67c9ba50ef
- SHA256
  
  658b58a87263e476bb0c37fdc9e0e92d2118af0b6a66b6b6e587af7b93853c33
- SHA512
  
  36ec7537ccef9babaf5a4ca51d067e0728f5dda7c0fbbf9e5e330b4e839084d797289387bcfc73cff43cb7a02d10e3deb7b89de8ce179e4813ac0b16d9342439
- SSDEEP
  
  98304:lShOCjQzvt/EU+y8n/oDxraFloo1CQIEWpnMFkKBNiw7S70:lL/9IlzG4GcNiX7
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2