Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d79d81e7c820493ca78414d04821e1402ee4fc7627bdf18f3626d821290f371

  • Size

    558KB

  • Sample

    230206-z6ex3sbb61

  • MD5

    46be65ff744001e7975c525fac88b14b

  • SHA1

    107f9eb9c9655d0fa23b5bf361cf85ece0b28618

  • SHA256

    4d79d81e7c820493ca78414d04821e1402ee4fc7627bdf18f3626d821290f371

  • SHA512

    bf08689d91e1864a77af4b6e6cab22246bbf71efb5cef6cb9fe468da02651af5c61a0bb3eb826ca6e306a43a6cf1ae90a3a10b2b9484fd02685083d20af7f2c0

  • SSDEEP

    12288:MMr3y90tf8xt1VJCpfhXQ6N3+oQsF+uMaTkmNRq03fAbk+Xv:byEfKFCZNzNVHTkmNRq2j+/

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      4d79d81e7c820493ca78414d04821e1402ee4fc7627bdf18f3626d821290f371

    • Size

      558KB

    • MD5

      46be65ff744001e7975c525fac88b14b

    • SHA1

      107f9eb9c9655d0fa23b5bf361cf85ece0b28618

    • SHA256

      4d79d81e7c820493ca78414d04821e1402ee4fc7627bdf18f3626d821290f371

    • SHA512

      bf08689d91e1864a77af4b6e6cab22246bbf71efb5cef6cb9fe468da02651af5c61a0bb3eb826ca6e306a43a6cf1ae90a3a10b2b9484fd02685083d20af7f2c0

    • SSDEEP

      12288:MMr3y90tf8xt1VJCpfhXQ6N3+oQsF+uMaTkmNRq03fAbk+Xv:byEfKFCZNzNVHTkmNRq2j+/

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks