amadey | 9fe756aa10cb3db933bb4f95fee67883e3e832b4e89bad565c31dda832eab5e5 | Triage

Sharing

General

Target

2072-3-0x00000000001C0000-0x0000000000682000-memory.dmp
Size

4.8MB
Sample

241227-p8vffavqdz
MD5

8588f187cdfc4ac946088d471a81d87e
SHA1

8906626523fa003abd047199af6e514d7359db3d
SHA256

9fe756aa10cb3db933bb4f95fee67883e3e832b4e89bad565c31dda832eab5e5
SHA512

5fdd69e4798b2e4f5d37b8a06532ecdc411b56f67ae02f3fc396d4ed66f11af957c40afd550eb4933bc9551e00f9d0a60b9ee8180b2f131ecbe2313be9d225b0
SSDEEP

98304:s9ksZfV2Ks/8OuRc4bcFpsXtXZBf0jVa/hzbkWgXy:s9g7pADOa9MX

Score

10^/10

amadey fed3aa trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Targets

- Target
  
  2072-3-0x00000000001C0000-0x0000000000682000-memory.dmp
- Size
  
  4.8MB
- MD5
  
  8588f187cdfc4ac946088d471a81d87e
- SHA1
  
  8906626523fa003abd047199af6e514d7359db3d
- SHA256
  
  9fe756aa10cb3db933bb4f95fee67883e3e832b4e89bad565c31dda832eab5e5
- SHA512
  
  5fdd69e4798b2e4f5d37b8a06532ecdc411b56f67ae02f3fc396d4ed66f11af957c40afd550eb4933bc9551e00f9d0a60b9ee8180b2f131ecbe2313be9d225b0
- SSDEEP
  
  98304:s9ksZfV2Ks/8OuRc4bcFpsXtXZBf0jVa/hzbkWgXy:s9g7pADOa9MX
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2