amadey | ef8a781c7494aa3c21aad2e12be7f8c52786e4bc84368badc5cb629d3278561e | Triage

Sharing

General

Target

ef8a781c7494aa3c21aad2e12be7f8c52786e4bc84368badc5cb629d3278561e
Size

585KB
Sample

230206-njpyzsdf74
MD5

5d3adf2929c9950261568f2dbd11b0bb
SHA1

2539672a5fd7537451eee2983b043a6fddb96f0e
SHA256

ef8a781c7494aa3c21aad2e12be7f8c52786e4bc84368badc5cb629d3278561e
SHA512

d2cb77fee96daf3b6a6d9061a03c5d1e1da4da13389d002f99682c227063537b1353410e0d76aa9189502accbcca08ecedcdc4be4f7e3b22638ba55a1eedbdc0
SSDEEP

12288:+MrPy908QcvgbuR6usLdanzN29Ay1PqiI81XVP7Y3MZU2A:5yzZvgqR632J29ASqj81lPUSA

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  ef8a781c7494aa3c21aad2e12be7f8c52786e4bc84368badc5cb629d3278561e
- Size
  
  585KB
- MD5
  
  5d3adf2929c9950261568f2dbd11b0bb
- SHA1
  
  2539672a5fd7537451eee2983b043a6fddb96f0e
- SHA256
  
  ef8a781c7494aa3c21aad2e12be7f8c52786e4bc84368badc5cb629d3278561e
- SHA512
  
  d2cb77fee96daf3b6a6d9061a03c5d1e1da4da13389d002f99682c227063537b1353410e0d76aa9189502accbcca08ecedcdc4be4f7e3b22638ba55a1eedbdc0
- SSDEEP
  
  12288:+MrPy908QcvgbuR6usLdanzN29Ay1PqiI81XVP7Y3MZU2A:5yzZvgqR632J29ASqj81lPUSA
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan