Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    876471c307e164f979615a435d62a6560a57a9c6da97b6ec94ce96b7f9f820ff

  • Size

    577KB

  • Sample

    230206-re6mqaec26

  • MD5

    a424561343435a20024cad45c9069181

  • SHA1

    ba6d903900bf8e7f8347e272a7d1d1bb279a58ae

  • SHA256

    876471c307e164f979615a435d62a6560a57a9c6da97b6ec94ce96b7f9f820ff

  • SHA512

    0f9d6332dadd7885d594549ea6128231731f52e3cd908ff04506014102aad95859b92eae9add3c4e6119ad2ba86b80459487d8e5973b6e2599cbbded5d06c44a

  • SSDEEP

    12288:CMrey90ReLp4oND8ywY9Bv8i9tPia3MWR7CK10Hi6a:8yqeL+o18FYX0i9tqaao

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      876471c307e164f979615a435d62a6560a57a9c6da97b6ec94ce96b7f9f820ff

    • Size

      577KB

    • MD5

      a424561343435a20024cad45c9069181

    • SHA1

      ba6d903900bf8e7f8347e272a7d1d1bb279a58ae

    • SHA256

      876471c307e164f979615a435d62a6560a57a9c6da97b6ec94ce96b7f9f820ff

    • SHA512

      0f9d6332dadd7885d594549ea6128231731f52e3cd908ff04506014102aad95859b92eae9add3c4e6119ad2ba86b80459487d8e5973b6e2599cbbded5d06c44a

    • SSDEEP

      12288:CMrey90ReLp4oND8ywY9Bv8i9tPia3MWR7CK10Hi6a:8yqeL+o18FYX0i9tqaao

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks