General

  • Target

    c08e3b5280f724bd7a650c051a3ed4ad.bin

  • Size

    192KB

  • Sample

    230206-mfr4hadd88

  • MD5

    614471a62665b2de8f8286c9031d1e2b

  • SHA1

    96a73d6b9bff6ddb710bec91b7ab05146183284b

  • SHA256

    85163e03b8e49840995bb07e2e5c6984be18bbba8eb3fa0236d6c495fc14eaf6

  • SHA512

    806f68e869f8f4126319d449e1e75ec166ff52a5a6489759ae553c7ef5494f68cd6a83b4ae9eb1456933d5fcdb63ff7a8d8d74535a16eed611dce5bbdb626db0

  • SSDEEP

    3072:c61mnZDxL9WVsvz2FOSIvGzqDj58Yx+ySwrhpCIAsyZ/+3ATVO+G:KHpGsb2FOnSqD1fx+4rhpKsy9+wO

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      325a41b4dfab6ef08cfd83e2fb1ae1b1bbf1631cc8c2fe53ad29c78d657abfca.exe

    • Size

      235KB

    • MD5

      c08e3b5280f724bd7a650c051a3ed4ad

    • SHA1

      4dc7760450fb29b8c0e8af4ccaa701dc4eb58f50

    • SHA256

      325a41b4dfab6ef08cfd83e2fb1ae1b1bbf1631cc8c2fe53ad29c78d657abfca

    • SHA512

      1bd26b9d7ce52a95daa5dfd03e72d9395aa4f21d75dffa225f6a1d19bc585af32c9ddd4288b1939b23152ab8d22695734bc06483630c5b236845725676e93142

    • SSDEEP

      3072:ROhX0N7+f1l5GWp1icKAArDZz4N9GhbkrNEk1AIoCXqjZ4a4fT+XztasUiJ7G:ghEN7+tp0yN90QEfCX8Z437ujUiRG

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks