amadey | 0d09c63084465c508e6a03c0e27f882ca47379c66c964cc45c51fbbd204c7850 | Triage

Sharing

General

Target

0d09c63084465c508e6a03c0e27f882ca47379c66c964cc45c51fbbd204c7850
Size

585KB
Sample

230206-nnj9asdf83
MD5

2ac7edb3a91ea7ccd12390e12c79a145
SHA1

c8a636bcca7d4190df018859bf304b848b5132c7
SHA256

0d09c63084465c508e6a03c0e27f882ca47379c66c964cc45c51fbbd204c7850
SHA512

d3b4b088bbc7fbfc4a1a04d8ee58778bb1e881eca140e0b778e4b2f2dbb45855243dbf258a20a9fdbf32137585a46038d90e48aa7a4916bd62276ff5f0bcf2dc
SSDEEP

12288:BMrZy90JvU6u3Ogovzzv3gIh5I61N29Ay1PqiI8aEP7Y3MZU29:MyavU6u+7zr3ZrI6/29ASqj8HPUS9

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  0d09c63084465c508e6a03c0e27f882ca47379c66c964cc45c51fbbd204c7850
- Size
  
  585KB
- MD5
  
  2ac7edb3a91ea7ccd12390e12c79a145
- SHA1
  
  c8a636bcca7d4190df018859bf304b848b5132c7
- SHA256
  
  0d09c63084465c508e6a03c0e27f882ca47379c66c964cc45c51fbbd204c7850
- SHA512
  
  d3b4b088bbc7fbfc4a1a04d8ee58778bb1e881eca140e0b778e4b2f2dbb45855243dbf258a20a9fdbf32137585a46038d90e48aa7a4916bd62276ff5f0bcf2dc
- SSDEEP
  
  12288:BMrZy90JvU6u3Ogovzzv3gIh5I61N29Ay1PqiI8aEP7Y3MZU29:MyavU6u+7zr3ZrI6/29ASqj8HPUS9
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan