amadey | 9a56f2669a6fa8cceeee11c2ff05764a3b7ff6dfb4ec8961a76182d5822c8fe5 | Triage

Sharing

General

Target

9a56f2669a6fa8cceeee11c2ff05764a3b7ff6dfb4ec8961a76182d5822c8fe5
Size

577KB
Sample

230206-q65n3aeb68
MD5

af26f50b7a64a6a6ce4141b00e6bea85
SHA1

73f289e894d7140ba22ee268cfe22a24dc1586d4
SHA256

9a56f2669a6fa8cceeee11c2ff05764a3b7ff6dfb4ec8961a76182d5822c8fe5
SHA512

5db9c3c0f0c9f44a049b6cfcffcd41f29523315e4312cd9eca986cb185ba903a45694031f6fae5c79d9e167dd0b65ab593df3db9e26fe12adda5e37d64bf8e8c
SSDEEP

12288:nMrUy90k3FVsVpkg+42ZA+f8MeHB8i9tAiaSMWmgIK1OoScw0SpACB:PymVpg42zf81H2i9tzaLoScw+G

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  9a56f2669a6fa8cceeee11c2ff05764a3b7ff6dfb4ec8961a76182d5822c8fe5
- Size
  
  577KB
- MD5
  
  af26f50b7a64a6a6ce4141b00e6bea85
- SHA1
  
  73f289e894d7140ba22ee268cfe22a24dc1586d4
- SHA256
  
  9a56f2669a6fa8cceeee11c2ff05764a3b7ff6dfb4ec8961a76182d5822c8fe5
- SHA512
  
  5db9c3c0f0c9f44a049b6cfcffcd41f29523315e4312cd9eca986cb185ba903a45694031f6fae5c79d9e167dd0b65ab593df3db9e26fe12adda5e37d64bf8e8c
- SSDEEP
  
  12288:nMrUy90k3FVsVpkg+42ZA+f8MeHB8i9tAiaSMWmgIK1OoScw0SpACB:PymVpg42zf81H2i9tzaLoScw+G
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan