amadey | 7a38c053d7794b247abf495330b2c26e92825ef15c428e86b0e587e2ae264117 | Triage

Sharing

General

Target

JaffaCakes118_eae19cbb5b97ce045bf8ad23d80a867c
Size

401KB
Sample

250110-wyfyma1rfs
MD5

eae19cbb5b97ce045bf8ad23d80a867c
SHA1

95e6566eaad49349988e38c39a112b32cd4120de
SHA256

7a38c053d7794b247abf495330b2c26e92825ef15c428e86b0e587e2ae264117
SHA512

0bd3761d4289ed7ffbeffd49dcd472106904eed5aa6b2ec7a0c2891de7e14a9feedcb293c74f5584781c191f208616add77f6b6480983b473b24d8adc49f011b
SSDEEP

6144:Q5VybgaUV4kgV4YHRBduhafN7FY7WXGNJ:6ybgvAxHweFY7WXm

Score

10^/10

amadey 99459a discovery trojan

Malware Config

Extracted

Family

amadey

Version

2.71

Botnet

99459a

C2

http://web.jsonpost.xyz

http://web.xmlpost.xyz

Attributes

install_dir
3e5d740863
install_file
dllhost.exe
strings_key
e78d3bed9e9eddb6db12b1dcd4965157
url_paths
/sj2vMs/index.php

rc4.plain

Targets

- Target
  
  JaffaCakes118_eae19cbb5b97ce045bf8ad23d80a867c
- Size
  
  401KB
- MD5
  
  eae19cbb5b97ce045bf8ad23d80a867c
- SHA1
  
  95e6566eaad49349988e38c39a112b32cd4120de
- SHA256
  
  7a38c053d7794b247abf495330b2c26e92825ef15c428e86b0e587e2ae264117
- SHA512
  
  0bd3761d4289ed7ffbeffd49dcd472106904eed5aa6b2ec7a0c2891de7e14a9feedcb293c74f5584781c191f208616add77f6b6480983b473b24d8adc49f011b
- SSDEEP
  
  6144:Q5VybgaUV4kgV4YHRBduhafN7FY7WXGNJ:6ybgvAxHweFY7WXm
Score

10^/10

amadey 99459a discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey99459adiscoverytrojan

behavioral2

amadey99459adiscoverytrojan