Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e9491c1570f30e44f3ea27bcdc704a42fa1d2350ce144d9f331c87e947c812f

  • Size

    557KB

  • Sample

    230206-3sqn7sbf5y

  • MD5

    4d790d40a22a5b8d8c4205e879860989

  • SHA1

    fc152ffa106ed055125cd1089aaf52ab33649a84

  • SHA256

    6e9491c1570f30e44f3ea27bcdc704a42fa1d2350ce144d9f331c87e947c812f

  • SHA512

    82296cb9e43f25d6d3d65c356e9f35a4ee20b51ce438db7dded5a32f7ddfe64973cd3d6bba6dfcd7d199b7980cfcb119c4a22e8b69df8736c06ea726fdb38559

  • SSDEEP

    12288:OMrQy90u2WaPm6jGP90FzOWm2Iqj3aRG0nLphNucvS:GypEjKunKqjsnLphcIS

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      6e9491c1570f30e44f3ea27bcdc704a42fa1d2350ce144d9f331c87e947c812f

    • Size

      557KB

    • MD5

      4d790d40a22a5b8d8c4205e879860989

    • SHA1

      fc152ffa106ed055125cd1089aaf52ab33649a84

    • SHA256

      6e9491c1570f30e44f3ea27bcdc704a42fa1d2350ce144d9f331c87e947c812f

    • SHA512

      82296cb9e43f25d6d3d65c356e9f35a4ee20b51ce438db7dded5a32f7ddfe64973cd3d6bba6dfcd7d199b7980cfcb119c4a22e8b69df8736c06ea726fdb38559

    • SSDEEP

      12288:OMrQy90u2WaPm6jGP90FzOWm2Iqj3aRG0nLphNucvS:GypEjKunKqjsnLphcIS

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks