General

  • Target

    ea1ca13cb3303882a6dd44f39831f173e509682f346065d8e006c443df2b536f

  • Size

    558KB

  • Sample

    230206-1jgzlabc3x

  • MD5

    3abd2ff45e6558f8a492273c0f4fe8d9

  • SHA1

    1f5958f6a650c28784a28ea970178055cb491070

  • SHA256

    ea1ca13cb3303882a6dd44f39831f173e509682f346065d8e006c443df2b536f

  • SHA512

    36be767f23c5ce51fbb366df27ca4fa393e1ff12289b2eb07f63fc9f196976860604e6ab9a03da2099bf74ac539e852c5e357cc1029c8bfd69ce53d95533a6dd

  • SSDEEP

    12288:lMryy90afkXidJexjy+L1MfAZCsF+KMaT0mNRKwMb/ivsDug:jyNsXidJexjy+UAZfHT0mNRK3bav61

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.66

  • C2

    62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      ea1ca13cb3303882a6dd44f39831f173e509682f346065d8e006c443df2b536f

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tactic                Technique                            Count  ID
Execution             Scheduled Task                       1      T1053
Persistence           Modify Existing Service              1      T1031
Persistence           Registry Run Keys / Startup Folder   1      T1060
Persistence           Scheduled Task                       1      T1053
Privilege Escalation  Scheduled Task                       1      T1053
Defense Evasion       Modify Registry                      3      T1112
Defense Evasion       Disabling Security Tools             2      T1089
Discovery             Query Registry                       1      T1012
Discovery             System Information Discovery         2      T1082