Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d14c413ed5a93a7aef79e43338c7399bed735e7d46b19b8a2e18ff074c68f6bf

  • Size

    573KB

  • Sample

    230206-ttll7saa7x

  • MD5

    6222dd22d6997e0110be09ca2b3d6d10

  • SHA1

    3a38ebdf1f4fafbe4a66d3ddcbacbdd109e403cc

  • SHA256

    d14c413ed5a93a7aef79e43338c7399bed735e7d46b19b8a2e18ff074c68f6bf

  • SHA512

    865243256de2b87a1dbce13d7dcb3d90148e63fd97a6bea6bff390e3c36e622246fdd5ac3948e9ee2306398ddfd5cf3276afbc9344bc8c48f76b2881dc474893

  • SSDEEP

    12288:YMrAy90jhsznzVuj+lpE2C+K/0ttrF/3N0n/tqA8ckl:oymszzVPw+Kstnd0n/38ckl

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      d14c413ed5a93a7aef79e43338c7399bed735e7d46b19b8a2e18ff074c68f6bf

    • Size

      573KB

    • MD5

      6222dd22d6997e0110be09ca2b3d6d10

    • SHA1

      3a38ebdf1f4fafbe4a66d3ddcbacbdd109e403cc

    • SHA256

      d14c413ed5a93a7aef79e43338c7399bed735e7d46b19b8a2e18ff074c68f6bf

    • SHA512

      865243256de2b87a1dbce13d7dcb3d90148e63fd97a6bea6bff390e3c36e622246fdd5ac3948e9ee2306398ddfd5cf3276afbc9344bc8c48f76b2881dc474893

    • SSDEEP

      12288:YMrAy90jhsznzVuj+lpE2C+K/0ttrF/3N0n/tqA8ckl:oymszzVPw+Kstnd0n/38ckl

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks