Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17f3ddfa766b704ea507d90ab260228557638699db443e466342a693a9b031f3

  • Size

    558KB

  • Sample

    230206-2xnvqsbe41

  • MD5

    cd6ad77b8491e6870eefeb86d9537897

  • SHA1

    7e3cdd7536c234b64c6e6a76b4aae3265912a499

  • SHA256

    17f3ddfa766b704ea507d90ab260228557638699db443e466342a693a9b031f3

  • SHA512

    762b474d63b3175dd922cc4cd69700ca43d0d0edd6c7b10cd33b5e23e1f007b5dd98060e5489391c3291b339b4e7ece29f47f6949d561ef5bcbac683120a80c0

  • SSDEEP

    12288:QMrby90pOYq79+F8qNFSYsF+gMaTWmNRYu20phF6xN2h:byqq79+qHTWmNRYu2oFmk

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      17f3ddfa766b704ea507d90ab260228557638699db443e466342a693a9b031f3

    • Size

      558KB

    • MD5

      cd6ad77b8491e6870eefeb86d9537897

    • SHA1

      7e3cdd7536c234b64c6e6a76b4aae3265912a499

    • SHA256

      17f3ddfa766b704ea507d90ab260228557638699db443e466342a693a9b031f3

    • SHA512

      762b474d63b3175dd922cc4cd69700ca43d0d0edd6c7b10cd33b5e23e1f007b5dd98060e5489391c3291b339b4e7ece29f47f6949d561ef5bcbac683120a80c0

    • SSDEEP

      12288:QMrby90pOYq79+F8qNFSYsF+gMaTWmNRYu20phF6xN2h:byqq79+qHTWmNRYu2oFmk

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks