amadey | 357fe10d46f73b35b4aaf556e35677d7c631543391c6077460f79c1bbde7695a | Triage

Sharing

General

Target

357fe10d46f73b35b4aaf556e35677d7c631543391c6077460f79c1bbde7695a
Size

583KB
Sample

230206-qsynlaea88
MD5

16a4fefd7a68fb14e377175be684cb65
SHA1

14338a84c71a06d3dea0d50f0dfc11d1b97a7955
SHA256

357fe10d46f73b35b4aaf556e35677d7c631543391c6077460f79c1bbde7695a
SHA512

991231a023643f6e7641a6092d313460df09d7d17fa1adc230adf021eae343f78a77ccc856a1c5d5f983c44d5110fa77aa523402f4bbaa167e5751d86af298d9
SSDEEP

12288:pMrOy9067BTKpiQFqNH3rWhhCregtex1HZvBMNbn6:ryNTSWChhqftW1HxB46

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  357fe10d46f73b35b4aaf556e35677d7c631543391c6077460f79c1bbde7695a
- Size
  
  583KB
- MD5
  
  16a4fefd7a68fb14e377175be684cb65
- SHA1
  
  14338a84c71a06d3dea0d50f0dfc11d1b97a7955
- SHA256
  
  357fe10d46f73b35b4aaf556e35677d7c631543391c6077460f79c1bbde7695a
- SHA512
  
  991231a023643f6e7641a6092d313460df09d7d17fa1adc230adf021eae343f78a77ccc856a1c5d5f983c44d5110fa77aa523402f4bbaa167e5751d86af298d9
- SSDEEP
  
  12288:pMrOy9067BTKpiQFqNH3rWhhCregtex1HZvBMNbn6:ryNTSWChhqftW1HxB46
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan