Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

6b50854a63dbfb7ce1ed17350deccd4f98bc2a70cb94166f496156d3f352cc8a
Size

558KB
Sample

230206-yzbreaba2y
MD5

778e39512b92002c4c69715fdcebf22c
SHA1

100f87c9fbf8c3004d3052b37feeacd9eeb4f6c4
SHA256

6b50854a63dbfb7ce1ed17350deccd4f98bc2a70cb94166f496156d3f352cc8a
SHA512

6dd281dfc4dcd38512e7871067dc3494948b95cd7d18bafca7f71c53a5eb68b5e69363277abdae9a1946b9a715cbe1df4510c6abef69db90a7d2e921090583ae
SSDEEP

12288:8MrVy90HD62Pe2yE0W5ksF+OMaTPmNRbKU6xtOjurAQQ:RycD62Pe235pHTPmNRbKxEjeAR

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  6b50854a63dbfb7ce1ed17350deccd4f98bc2a70cb94166f496156d3f352cc8a
- Size
  
  558KB
- MD5
  
  778e39512b92002c4c69715fdcebf22c
- SHA1
  
  100f87c9fbf8c3004d3052b37feeacd9eeb4f6c4
- SHA256
  
  6b50854a63dbfb7ce1ed17350deccd4f98bc2a70cb94166f496156d3f352cc8a
- SHA512
  
  6dd281dfc4dcd38512e7871067dc3494948b95cd7d18bafca7f71c53a5eb68b5e69363277abdae9a1946b9a715cbe1df4510c6abef69db90a7d2e921090583ae
- SSDEEP
  
  12288:8MrVy90HD62Pe2yE0W5ksF+OMaTPmNRbKU6xtOjurAQQ:RycD62Pe235pHTPmNRbKxEjeAR
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan