amadey | dce8c0cbdcfa1ab722b55542f874291b45e16ca806d796ad3991970c5c6d88f1 | Triage

Sharing

General

Target

dce8c0cbdcfa1ab722b55542f874291b45e16ca806d796ad3991970c5c6d88f1
Size

585KB
Sample

230206-p2tkkahb91
MD5

6281672a91def0f6ef5e8d99fbeea0c5
SHA1

6f9e9dbad9a0f499545d8696c1bac7febb97c341
SHA256

dce8c0cbdcfa1ab722b55542f874291b45e16ca806d796ad3991970c5c6d88f1
SHA512

f2bf64f12a2256ffdbc60ea13d7f5a03619057bd9d0a277c43f3fb26c2b18c618555a4b460256e22314d0abe1ac7cb1f6e42d4f27ec4dd79f9797b00e577fc05
SSDEEP

12288:LMrVy90/FBZgETK2t1IrBV3upLEyGG9vvNhGCNv0XWwCKA5C6q7:CySd9t1W3upYMVNh7NvTwiC6q7

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  dce8c0cbdcfa1ab722b55542f874291b45e16ca806d796ad3991970c5c6d88f1
- Size
  
  585KB
- MD5
  
  6281672a91def0f6ef5e8d99fbeea0c5
- SHA1
  
  6f9e9dbad9a0f499545d8696c1bac7febb97c341
- SHA256
  
  dce8c0cbdcfa1ab722b55542f874291b45e16ca806d796ad3991970c5c6d88f1
- SHA512
  
  f2bf64f12a2256ffdbc60ea13d7f5a03619057bd9d0a277c43f3fb26c2b18c618555a4b460256e22314d0abe1ac7cb1f6e42d4f27ec4dd79f9797b00e577fc05
- SSDEEP
  
  12288:LMrVy90/FBZgETK2t1IrBV3upLEyGG9vvNhGCNv0XWwCKA5C6q7:CySd9t1W3upYMVNh7NvTwiC6q7
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan