Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

435718040f23d5db328ab3c844201d7d075c247c435008a9a3d3ff83d93b87e5
Size

558KB
Sample

230206-y2al5afg29
MD5

7678a6201d86ec6c87a8283af8a746ea
SHA1

97922791531822d85de8ab00adbbeebf2260c903
SHA256

435718040f23d5db328ab3c844201d7d075c247c435008a9a3d3ff83d93b87e5
SHA512

8a840b869f2524caf30d6c160cc7659fcb67db55eb220a488678b7e717f0f09d008da62888d8111bc5d5b2f9ee723b5901f4e7f331a15a4ce43151d3567f5df5
SSDEEP

12288:lMr/y90fodGYBGusF+4MaTMmNRiRxd1M0RibN:GyXdGlHHTMmNRiLd1M0Rc

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  435718040f23d5db328ab3c844201d7d075c247c435008a9a3d3ff83d93b87e5
- Size
  
  558KB
- MD5
  
  7678a6201d86ec6c87a8283af8a746ea
- SHA1
  
  97922791531822d85de8ab00adbbeebf2260c903
- SHA256
  
  435718040f23d5db328ab3c844201d7d075c247c435008a9a3d3ff83d93b87e5
- SHA512
  
  8a840b869f2524caf30d6c160cc7659fcb67db55eb220a488678b7e717f0f09d008da62888d8111bc5d5b2f9ee723b5901f4e7f331a15a4ce43151d3567f5df5
- SSDEEP
  
  12288:lMr/y90fodGYBGusF+4MaTMmNRiRxd1M0RibN:GyXdGlHHTMmNRiLd1M0Rc
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan