amadey | 7ec658717325fe5b174f027a132c359f1dc74d4d041406c584667f35e5a25f56 | Triage

Sharing

General

Target

7ec658717325fe5b174f027a132c359f1dc74d4d041406c584667f35e5a25f56
Size

577KB
Sample

230206-rs4qaahf3y
MD5

5ca329e5f4b9e1c4d2fabb6865172a39
SHA1

ab9b30bd3e547d40c64ce4560206788123c8a418
SHA256

7ec658717325fe5b174f027a132c359f1dc74d4d041406c584667f35e5a25f56
SHA512

52fbaae2d32ecf754a4ca8ce6cd96625cccc9082d9eec6f6dcf31fef1e4ecc876d795230ea6ebea855a25d88ecc0381a3326ca8782ccaeae5f095561c84b19bd
SSDEEP

12288:4MrIy90q4BJV7OWjO1HE8i9tAiaSMWmgYK16oScw0SpACs:AyUVPsti9tzaHoScw+r

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  7ec658717325fe5b174f027a132c359f1dc74d4d041406c584667f35e5a25f56
- Size
  
  577KB
- MD5
  
  5ca329e5f4b9e1c4d2fabb6865172a39
- SHA1
  
  ab9b30bd3e547d40c64ce4560206788123c8a418
- SHA256
  
  7ec658717325fe5b174f027a132c359f1dc74d4d041406c584667f35e5a25f56
- SHA512
  
  52fbaae2d32ecf754a4ca8ce6cd96625cccc9082d9eec6f6dcf31fef1e4ecc876d795230ea6ebea855a25d88ecc0381a3326ca8782ccaeae5f095561c84b19bd
- SSDEEP
  
  12288:4MrIy90q4BJV7OWjO1HE8i9tAiaSMWmgYK16oScw0SpACs:AyUVPsti9tzaHoScw+r
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan