Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

305304510c94fcf461724694aafabe384f7f15f1eda5eeb618870cdc844b339d
Size

558KB
Sample

230206-zebrcaba71
MD5

1b47f78e18797f3b368da535312f097e
SHA1

f6578c15b146c348a884a88edc58caad597bf817
SHA256

305304510c94fcf461724694aafabe384f7f15f1eda5eeb618870cdc844b339d
SHA512

1e757ef9216b6ec59c5d7ab982833acf9c46af8a266ad34d2da962f5de2fe622e9edebbe7a7e228b91577f95f560d7ba2b9c328b1bb1d28cdb19b8d22569c007
SSDEEP

12288:DMr/y906LYx6WGU+XsF++MaTAmNRK8B81VICfFLJ:4yd/WRnHTAmNRK8e11fH

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  305304510c94fcf461724694aafabe384f7f15f1eda5eeb618870cdc844b339d
- Size
  
  558KB
- MD5
  
  1b47f78e18797f3b368da535312f097e
- SHA1
  
  f6578c15b146c348a884a88edc58caad597bf817
- SHA256
  
  305304510c94fcf461724694aafabe384f7f15f1eda5eeb618870cdc844b339d
- SHA512
  
  1e757ef9216b6ec59c5d7ab982833acf9c46af8a266ad34d2da962f5de2fe622e9edebbe7a7e228b91577f95f560d7ba2b9c328b1bb1d28cdb19b8d22569c007
- SSDEEP
  
  12288:DMr/y906LYx6WGU+XsF++MaTAmNRK8B81VICfFLJ:4yd/WRnHTAmNRK8e11fH
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan