Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

840d1f16a93cee9ee46c66ef63bc9227ebfb23465bc19abc7e216d2471e19a84
Size

558KB
Sample

230206-yh59paah3y
MD5

0f0160c207e1bbfe44be146b432f7b75
SHA1

1212bdc7c23ca87d5de120dabf1f64454146b7b5
SHA256

840d1f16a93cee9ee46c66ef63bc9227ebfb23465bc19abc7e216d2471e19a84
SHA512

b19601e30b3950680080ed352cb0b235ab61e5dd26e411d39d05dd48ab2ccec7794ade8dd1a7bbca94c352f7690704460d86166d13667c1b91f0ad00d6b61f5b
SSDEEP

12288:iMrHy90lVqeCcVHgaN6bBUK6uYCvQTw53VpaRb+bVUKenp6dv:dyoVCcpMDHvoj66Y5

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  840d1f16a93cee9ee46c66ef63bc9227ebfb23465bc19abc7e216d2471e19a84
- Size
  
  558KB
- MD5
  
  0f0160c207e1bbfe44be146b432f7b75
- SHA1
  
  1212bdc7c23ca87d5de120dabf1f64454146b7b5
- SHA256
  
  840d1f16a93cee9ee46c66ef63bc9227ebfb23465bc19abc7e216d2471e19a84
- SHA512
  
  b19601e30b3950680080ed352cb0b235ab61e5dd26e411d39d05dd48ab2ccec7794ade8dd1a7bbca94c352f7690704460d86166d13667c1b91f0ad00d6b61f5b
- SSDEEP
  
  12288:iMrHy90lVqeCcVHgaN6bBUK6uYCvQTw53VpaRb+bVUKenp6dv:dyoVCcpMDHvoj66Y5
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan