Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

a81c2eb453a5fb0cb4141303a25e3fd1091888fb8dbc9c01214204bf84409d90
Size

558KB
Sample

230206-yr7twaff64
MD5

1a9b9352526b8d276e36089970fcf2b7
SHA1

1a4722d7106f0765c3a90ba352ed6d717c9ca7a9
SHA256

a81c2eb453a5fb0cb4141303a25e3fd1091888fb8dbc9c01214204bf84409d90
SHA512

25beacf158149d5f9f087f114c4eb3dc61446b11b0fda6686644c1c2c7ced322768b9a994b05977c4ff8d958fb09ede52dcfe1d13753f009b63b42ad38132299
SSDEEP

12288:xMr5y90Jib5ZXfbzbyvakUK6uYCvaTm53VpaWg+bVdKwjfGX8/ms:cy8sfwDHvq2fbRes

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  a81c2eb453a5fb0cb4141303a25e3fd1091888fb8dbc9c01214204bf84409d90
- Size
  
  558KB
- MD5
  
  1a9b9352526b8d276e36089970fcf2b7
- SHA1
  
  1a4722d7106f0765c3a90ba352ed6d717c9ca7a9
- SHA256
  
  a81c2eb453a5fb0cb4141303a25e3fd1091888fb8dbc9c01214204bf84409d90
- SHA512
  
  25beacf158149d5f9f087f114c4eb3dc61446b11b0fda6686644c1c2c7ced322768b9a994b05977c4ff8d958fb09ede52dcfe1d13753f009b63b42ad38132299
- SSDEEP
  
  12288:xMr5y90Jib5ZXfbzbyvakUK6uYCvaTm53VpaWg+bVdKwjfGX8/ms:cy8sfwDHvq2fbRes
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan