amadey | ef43811fb5a77461186b01f12ce251a24e946c4aaa3ea96c5d2f8df033600351 | Triage

Sharing

General

Target

ef43811fb5a77461186b01f12ce251a24e946c4aaa3ea96c5d2f8df033600351
Size

558KB
Sample

230207-b81qkacb3t
MD5

033d0b7a6f0ce6388d2747bbf2ffa59b
SHA1

84859af6852c10a610369e8df40a03ba22ce0805
SHA256

ef43811fb5a77461186b01f12ce251a24e946c4aaa3ea96c5d2f8df033600351
SHA512

32cc456f6527baaf633ee8ace8beef563e9b0155510f3fb789aff9cbb0d16af3bf7b22366ffd60b08fac0f14c52133fa22a5a63299e53a0c71e423bac1239de6
SSDEEP

12288:8MrXy90gXAJfphhR+CYonEB3hICkhsOqp5RCf1RtiO7:ryxMXYoIICkhsO45MfjtiO7

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  ef43811fb5a77461186b01f12ce251a24e946c4aaa3ea96c5d2f8df033600351
- Size
  
  558KB
- MD5
  
  033d0b7a6f0ce6388d2747bbf2ffa59b
- SHA1
  
  84859af6852c10a610369e8df40a03ba22ce0805
- SHA256
  
  ef43811fb5a77461186b01f12ce251a24e946c4aaa3ea96c5d2f8df033600351
- SHA512
  
  32cc456f6527baaf633ee8ace8beef563e9b0155510f3fb789aff9cbb0d16af3bf7b22366ffd60b08fac0f14c52133fa22a5a63299e53a0c71e423bac1239de6
- SSDEEP
  
  12288:8MrXy90gXAJfphhR+CYonEB3hICkhsOqp5RCf1RtiO7:ryxMXYoIICkhsO45MfjtiO7
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan