General

  • Target

    amadey.exe

  • Size

    231KB

  • Sample

    240701-wjsc4s1eph

  • MD5

    3dd072d71907f6d5a5b046908c081f11

  • SHA1

    6432c3dacb6e4dec30ad44cc92f79d4a0156affd

  • SHA256

    1783a69593b72237fce4111d231ab3c919f9220e8baf8b2216c488d4dbedcdf1

  • SHA512

    2f6a4df887ad59e8b34644e8832f843f0f3c84171dbd8ceee9e1ec348684ba43a7ab4f2864464e343c8a17bc147839add11c939dfcea4fd60f79f48b89010453

  • SSDEEP

    6144:0s9bFCavQJdMSzPgI0KIikB/NiFEZu7dRmV:pbFCRMcRIiTFgu7dR

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.84

Botnet

dee301

C2

http://109.206.241.33

Attributes
  • install_dir

    73456c80a6

  • install_file

    jbruyer.exe

  • strings_key

    ba1b310f6d9af5c6a5f24008b410aec0

  • url_paths

    /9bDc8sQ/index.php

  • rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

  • Persistence

    Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1
    Scheduled Task (T1053.005): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

Tasks