amadey | 5cb07c79c2ba5c1294709acf3a3452251529600b4d61b51264f212c2c13480ed | Triage

Sharing

General

Target

5cb07c79c2ba5c1294709acf3a3452251529600b4d61b51264f212c2c13480ed
Size

574KB
Sample

230206-t9rhdseh69
MD5

37a08da112329a5622c949b94a78fdda
SHA1

fdb00d4c0a1742a9526fd4b2cc0c207c954ea9a5
SHA256

5cb07c79c2ba5c1294709acf3a3452251529600b4d61b51264f212c2c13480ed
SHA512

fa4d14212c61a55bafb143fb8911137eb3a77c64bf38d68bdadc96b067a8d2044f47d0d19f461dba528d68dbc1e1b227134a11a53f13526a12e8b688cb353f64
SSDEEP

12288:DMrRy90hAEV1AO+C5sRqFKKK/0xt2FaUN0n/tpq0CfYA4A6d:yyq5bvczsxDu0n/W0RBd

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  5cb07c79c2ba5c1294709acf3a3452251529600b4d61b51264f212c2c13480ed
- Size
  
  574KB
- MD5
  
  37a08da112329a5622c949b94a78fdda
- SHA1
  
  fdb00d4c0a1742a9526fd4b2cc0c207c954ea9a5
- SHA256
  
  5cb07c79c2ba5c1294709acf3a3452251529600b4d61b51264f212c2c13480ed
- SHA512
  
  fa4d14212c61a55bafb143fb8911137eb3a77c64bf38d68bdadc96b067a8d2044f47d0d19f461dba528d68dbc1e1b227134a11a53f13526a12e8b688cb353f64
- SSDEEP
  
  12288:DMrRy90hAEV1AO+C5sRqFKKK/0xt2FaUN0n/tpq0CfYA4A6d:yyq5bvczsxDu0n/W0RBd
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan