Derp.ca
← All malware

Amadey

Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.

Last 7 days

Mar 5, 2026
C2 Hosts: 12

Further Reading

Amadey Threat Analysis and Detections | Splunk

The Splunk Threat Research Team shares a deep-dive analysis of the Amadey Trojan Stealer, an active and prominent malware that first emerged on the cybersecurity landscape in 2018 and has maintaine...

splunk.com
Exploring Seychelles: Team Cymru's Tech Adventure

Explore the beauty of Seychelles and its C(2) Shore with our technology company. Discover the perfect blend of nature and innovation on this breathtaking island.

team-cymru.com
TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer

Cybersecurity: TA505, a very active threat actor, works differently than, for example, the group behind Emotet. Which tools are used here, Thomas Barabosch explains to you in his Blog.

telekom.com
Amadey: New encoding with old tricks - VMRay

The main functionality of Amadey is to collect information about the infected host, steal data, & download malware. Read more for the details.

vmray.com
Latest Amadey Uses Screen Capture, Pushes Remcos RAT | Blog

Zscaler ThreatLabZ team is continually monitoring known threats to see if they re-appear in a different form. Read more.

zscaler.com