Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55999374a1ef91176455cadaf01b6bf1fd79a3cb6abe562530b072129e0bcabb

  • Size

    558KB

  • Sample

    230207-azvmhsbh21

  • MD5

    254dae38f7064e090ffadb8375af2fe9

  • SHA1

    126fab05f22fb4f9852b5acfc9b442b7154085b2

  • SHA256

    55999374a1ef91176455cadaf01b6bf1fd79a3cb6abe562530b072129e0bcabb

  • SHA512

    20123d1bb2207edb52e011b2636251f2c38150effe3010669dc81a0843d7669faf281f4d8890d29201637080cdc8586c604722cc2b1dc2cdad8c7c4f74a67b5e

  • SSDEEP

    12288:0Mrry90rv64bSII/0XKeCqJsOG5WX4U2mn5Tj:HyybSvMXKeCqJsO4WIUdnl

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      55999374a1ef91176455cadaf01b6bf1fd79a3cb6abe562530b072129e0bcabb

    • Size

      558KB

    • MD5

      254dae38f7064e090ffadb8375af2fe9

    • SHA1

      126fab05f22fb4f9852b5acfc9b442b7154085b2

    • SHA256

      55999374a1ef91176455cadaf01b6bf1fd79a3cb6abe562530b072129e0bcabb

    • SHA512

      20123d1bb2207edb52e011b2636251f2c38150effe3010669dc81a0843d7669faf281f4d8890d29201637080cdc8586c604722cc2b1dc2cdad8c7c4f74a67b5e

    • SSDEEP

      12288:0Mrry90rv64bSII/0XKeCqJsOG5WX4U2mn5Tj:HyybSvMXKeCqJsO4WIUdnl

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks