amadey | f3ea349ef696d71d46f5b8088a08cc31489a17cf8ad4d384aae9f77afff402d0 | Triage

Sharing

General

Target

2096-3-0x0000000000190000-0x000000000065C000-memory.dmp
Size

4.8MB
Sample

241227-lzcmgstpfx
MD5

f8135dd20d0a439de3b57a7e21bc6276
SHA1

1a11f3bd71992596bed8cfcb84c5338bfd2660b8
SHA256

f3ea349ef696d71d46f5b8088a08cc31489a17cf8ad4d384aae9f77afff402d0
SHA512

0689215fb750c2305ef878fc64cda44fb5a6147e69f45f857a31806df353f12b8ac0bae7ca2564489425e34edc0429f1be353ea0e88c45bd0b0ba1d1b6e3e8da
SSDEEP

98304:TVnKOdrqDdGHxxDmFkkUE3el0yOqz7bCzH36JpO1tHav9YH6q:T3IOEnqz7b+3gO1tUG

Score

10^/10

amadey fed3aa trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Targets

- Target
  
  2096-3-0x0000000000190000-0x000000000065C000-memory.dmp
- Size
  
  4.8MB
- MD5
  
  f8135dd20d0a439de3b57a7e21bc6276
- SHA1
  
  1a11f3bd71992596bed8cfcb84c5338bfd2660b8
- SHA256
  
  f3ea349ef696d71d46f5b8088a08cc31489a17cf8ad4d384aae9f77afff402d0
- SHA512
  
  0689215fb750c2305ef878fc64cda44fb5a6147e69f45f857a31806df353f12b8ac0bae7ca2564489425e34edc0429f1be353ea0e88c45bd0b0ba1d1b6e3e8da
- SSDEEP
  
  98304:TVnKOdrqDdGHxxDmFkkUE3el0yOqz7bCzH36JpO1tHav9YH6q:T3IOEnqz7b+3gO1tUG
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2