Amadey Loader (also known as Amadey) is a malware loader active since 2018. Lightweight loader and reconnaissance bot. Key characteristics include: system profiling, plugin loading, credential theft module, $500 on forums.
Overview & Background
Lightweight loader and reconnaissance bot. First identified in 2018, this threat is attributed to eCrime (MaaS).
Amadey Loader remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this malware loader.
- Category: Malware Loader
- Active since: 2018
- Attribution: eCrime (MaaS)
- Also known as: Amadey
Technical Analysis
Amadey Loader employs the following capabilities and techniques:
- System Profiling: Core functionality
- Plugin Loading: Core functionality
- Credential Theft Module: Core functionality
- $500 On Forums: Core functionality
MITRE ATT&CK Mapping
| Tactic | Technique | Usage |
|---|---|---|
| Initial Access | T1566.001 Phishing Attachment | Common delivery vector |
| Execution | T1204.002 Malicious File | User-triggered execution |
| Persistence | T1547.001 Registry Run Keys | Autostart persistence |
| Defense Evasion | T1027 Obfuscated Files | Payload obfuscation |
| C2 | T1071.001 Web Protocols | HTTP/HTTPS C2 |
Detection & Defense
- Endpoint detection: Deploy behavioral detection rules for Amadey Loader indicators
- Network monitoring: Monitor for C2 traffic patterns and anomalous connections
- Threat intelligence: Track Amadey Loader IOCs and campaign updates
- Security awareness: Train users to recognize phishing and social engineering
- Patch management: Keep systems updated to prevent exploitation
Defend Against Amadey Loader
Mjolnir Security provides detection and response capabilities against Amadey Loader and similar threats.
- Proactive Threat Hunting Hunt for Amadey Loader indicators and TTPs within your environment.
- Threat Intelligence Monitor Amadey Loader campaigns and infrastructure changes.
- 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Stay ahead of emerging threats. Get notified when we publish new intelligence reports and advisories.
Subscribe to Alerts