amadey | a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554 | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7_x64

winprofile

windows10_x64

Sharing

General

Target

a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554
Size

4.8MB
Sample

220516-16dwfsbhd2
MD5

563b7ec2b7aeeb861a70f1f3cbd9fcbc
SHA1

3c9ad9d06b6f44e9c09bf1eb15af433945dcfdbd
SHA256

a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554
SHA512

5137885a0ad19291565b4812e2ee9e0d96e597a02f07848ba7d80b569dacfef01147ee13abe14613195f72bf8dbd735ee8b0912216edbb41c4e596fc5f33eff2

Score

10^/10

amadey evasion themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554.exe

Resource

win7-20220414-en

amadey evasion themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554.exe

Resource

win10-20220414-en

amadey evasion themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554
- Size
  
  4.8MB
- MD5
  
  563b7ec2b7aeeb861a70f1f3cbd9fcbc
- SHA1
  
  3c9ad9d06b6f44e9c09bf1eb15af433945dcfdbd
- SHA256
  
  a998fb101add80180610610a478bc6f278f1e96f47382387a192cf1439ab4554
- SHA512
  
  5137885a0ad19291565b4812e2ee9e0d96e597a02f07848ba7d80b569dacfef01147ee13abe14613195f72bf8dbd735ee8b0912216edbb41c4e596fc5f33eff2
Score

10^/10

amadey evasion themida trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeyevasionthemidatrojan

behavioral2

amadeyevasionthemidatrojan

© 2018-2024

Terms | Privacy