amadey | c9f8d594f138d8e16774416b6c85b38471e0a97da6af0a4bf5010e842537ae3a | Triage

Sharing

General

Target

c9f8d594f138d8e16774416b6c85b38471e0a97da6af0a4bf5010e842537ae3a
Size

574KB
Sample

230206-wpvenaad8z
MD5

b0e5bea1ea56060bb9454b35000bc409
SHA1

2822231e4eaa6d194361489a26df5f5a05e81242
SHA256

c9f8d594f138d8e16774416b6c85b38471e0a97da6af0a4bf5010e842537ae3a
SHA512

dd7dff4e84c060d67bfd4a7ef7a0f1dd4fc2fa0022e8cc62073ceaf491514677ba457151e639d1eca62fa361734acaf3a1e31ac014b3ee0d2e2018a283b586c9
SSDEEP

12288:BMrhy90OEgCLyxHR4OMBtO/0ltHFz9N0n/tXMeTeMA:4yGgM+HqRCslrH0n/NMTMA

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  c9f8d594f138d8e16774416b6c85b38471e0a97da6af0a4bf5010e842537ae3a
- Size
  
  574KB
- MD5
  
  b0e5bea1ea56060bb9454b35000bc409
- SHA1
  
  2822231e4eaa6d194361489a26df5f5a05e81242
- SHA256
  
  c9f8d594f138d8e16774416b6c85b38471e0a97da6af0a4bf5010e842537ae3a
- SHA512
  
  dd7dff4e84c060d67bfd4a7ef7a0f1dd4fc2fa0022e8cc62073ceaf491514677ba457151e639d1eca62fa361734acaf3a1e31ac014b3ee0d2e2018a283b586c9
- SSDEEP
  
  12288:BMrhy90OEgCLyxHR4OMBtO/0ltHFz9N0n/tXMeTeMA:4yGgM+HqRCslrH0n/NMTMA
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan