Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

ea2034dd2d02690a54e6f8cee029e1d80d9399b10da4a0dedc4f0b50ddd3c4ac
Size

558KB
Sample

230206-zaa91sfg57
MD5

865b1116dffc11af778b661e51dadea9
SHA1

ea7d2cc1e958eec68d7a7a916396c24b978a2696
SHA256

ea2034dd2d02690a54e6f8cee029e1d80d9399b10da4a0dedc4f0b50ddd3c4ac
SHA512

5157e958812ad4baefb6c3d36da67e30a4105ef202ef7caa72672a63e443bad6923b321418d889ba1be314cb4eb23192f5952a1818fc1e966aaf92d05d68a1bf
SSDEEP

12288:bMrWy90IwFJrY8C9auEjsF+uMaTkmNRqql3fAbk+XT:lyAXY8oHTkmNRqqj+D

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  ea2034dd2d02690a54e6f8cee029e1d80d9399b10da4a0dedc4f0b50ddd3c4ac
- Size
  
  558KB
- MD5
  
  865b1116dffc11af778b661e51dadea9
- SHA1
  
  ea7d2cc1e958eec68d7a7a916396c24b978a2696
- SHA256
  
  ea2034dd2d02690a54e6f8cee029e1d80d9399b10da4a0dedc4f0b50ddd3c4ac
- SHA512
  
  5157e958812ad4baefb6c3d36da67e30a4105ef202ef7caa72672a63e443bad6923b321418d889ba1be314cb4eb23192f5952a1818fc1e966aaf92d05d68a1bf
- SSDEEP
  
  12288:bMrWy90IwFJrY8C9auEjsF+uMaTkmNRqql3fAbk+XT:lyAXY8oHTkmNRqqj+D
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan