Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    508ddd34ec72abc2e8225c637c076f59b7116ff62765e278ad8ef95757575f64

  • Size

    558KB

  • Sample

    230207-a8vzmsgg22

  • MD5

    2860f1749706e1f9b12ee26e4f52da63

  • SHA1

    929d63ae0e07f8ac22df062358207f62aaaa71c8

  • SHA256

    508ddd34ec72abc2e8225c637c076f59b7116ff62765e278ad8ef95757575f64

  • SHA512

    d8320d2a7633aad313c6d2c9545e09e495281191bf6d56c7a5ede9f08ca5a84bfd4743816d4d77d46741c6b6d7418b457990984b6aba647a7b40f38598bf6c93

  • SSDEEP

    12288:fMrPy90cXuqT5grF+/iIgt7CutsOCYB+Pp8ae:wydtT5KEaIgpCutsOf+Pu/

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      508ddd34ec72abc2e8225c637c076f59b7116ff62765e278ad8ef95757575f64

    • Size

      558KB

    • MD5

      2860f1749706e1f9b12ee26e4f52da63

    • SHA1

      929d63ae0e07f8ac22df062358207f62aaaa71c8

    • SHA256

      508ddd34ec72abc2e8225c637c076f59b7116ff62765e278ad8ef95757575f64

    • SHA512

      d8320d2a7633aad313c6d2c9545e09e495281191bf6d56c7a5ede9f08ca5a84bfd4743816d4d77d46741c6b6d7418b457990984b6aba647a7b40f38598bf6c93

    • SSDEEP

      12288:fMrPy90cXuqT5grF+/iIgt7CutsOCYB+Pp8ae:wydtT5KEaIgpCutsOf+Pu/

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks