amadey | 1dcc3026e861c7948787f8ff798bd4aba11ea9154db6afe36860bfa6484673a4 | Triage

Sharing

General

Target

file.exe
Size

578KB
Sample

230206-sbkrhsee27
MD5

4cdc910c9e87a681166e6008111d9636
SHA1

949c551eb0668d369f2b8ca8d5e1643e2ed85a7e
SHA256

1dcc3026e861c7948787f8ff798bd4aba11ea9154db6afe36860bfa6484673a4
SHA512

8199261e3b42be56181a0d3b3d9c4e6dd257b463869f5cda373e5454fce2f38be21179cfc46071461d0109b1d8b4cc7d29f97342d6b4939c0bf0ed461c0bbcfd
SSDEEP

12288:BMrAy90ZCmSIV6uxfwpFVEqGUXvi52vX4paQd:lyQTVR2DPG6nvVQd

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  file.exe
- Size
  
  578KB
- MD5
  
  4cdc910c9e87a681166e6008111d9636
- SHA1
  
  949c551eb0668d369f2b8ca8d5e1643e2ed85a7e
- SHA256
  
  1dcc3026e861c7948787f8ff798bd4aba11ea9154db6afe36860bfa6484673a4
- SHA512
  
  8199261e3b42be56181a0d3b3d9c4e6dd257b463869f5cda373e5454fce2f38be21179cfc46071461d0109b1d8b4cc7d29f97342d6b4939c0bf0ed461c0bbcfd
- SSDEEP
  
  12288:BMrAy90ZCmSIV6uxfwpFVEqGUXvi52vX4paQd:lyQTVR2DPG6nvVQd
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan

behavioral2

amadeyevasionpersistencetrojan