amadey | 62691bfdde84921d0bd8f3277c613f7bb47baae0f8c30cb57b3f1c8020bd8742 | Triage

Sharing

General

Target

62691bfdde84921d0bd8f3277c613f7bb47baae0f8c30cb57b3f1c8020bd8742
Size

585KB
Sample

230206-nxnyvadg32
MD5

81e4c9e3829dafb46fd48f97eec556ae
SHA1

acb908d66791a9c49f721e03de7566d4d84b0f14
SHA256

62691bfdde84921d0bd8f3277c613f7bb47baae0f8c30cb57b3f1c8020bd8742
SHA512

46d4f4983edd91eddf345e02c8da882f69dfd34b8c88568396e38cf4fd183812b3fbe59d94f717f7c62275890a462a5e112aa31c6e6e940389fd9d4fa9c741df
SSDEEP

12288:TMriy90cgwPgALpMHq2+Nw9AyzP6iI8isf+X+cEL:FydzYAvw9AY6j8xS+X

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  62691bfdde84921d0bd8f3277c613f7bb47baae0f8c30cb57b3f1c8020bd8742
- Size
  
  585KB
- MD5
  
  81e4c9e3829dafb46fd48f97eec556ae
- SHA1
  
  acb908d66791a9c49f721e03de7566d4d84b0f14
- SHA256
  
  62691bfdde84921d0bd8f3277c613f7bb47baae0f8c30cb57b3f1c8020bd8742
- SHA512
  
  46d4f4983edd91eddf345e02c8da882f69dfd34b8c88568396e38cf4fd183812b3fbe59d94f717f7c62275890a462a5e112aa31c6e6e940389fd9d4fa9c741df
- SSDEEP
  
  12288:TMriy90cgwPgALpMHq2+Nw9AyzP6iI8isf+X+cEL:FydzYAvw9AY6j8xS+X
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan