amadey | 3af891aa6bfa14e2305956c064d2221bf677bda3ff4e5a6ce1cadb6069bffbd5 | Triage

Sharing

General

Target

3af891aa6bfa14e2305956c064d2221bf677bda3ff4e5a6ce1cadb6069bffbd5
Size

558KB
Sample

230207-bx32jsgh77
MD5

5c178c41e63b165206d2eb197f75d96e
SHA1

0fef9780c3865dbc94eb02be5620c40384c40d4d
SHA256

3af891aa6bfa14e2305956c064d2221bf677bda3ff4e5a6ce1cadb6069bffbd5
SHA512

c1a75f60b993992a12e6af6369a6509231e4138390ef969cec2cc4daac2101c911ced759e331671254db9329bae018d2fc5be52e63ad30d8a8e7696f9819e252
SSDEEP

12288:VMrny90+fKP6DNT3FjKPm58CZMsOwOsNMbPYb:KyTSPkh3RKOSCZMsOaDb

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  3af891aa6bfa14e2305956c064d2221bf677bda3ff4e5a6ce1cadb6069bffbd5
- Size
  
  558KB
- MD5
  
  5c178c41e63b165206d2eb197f75d96e
- SHA1
  
  0fef9780c3865dbc94eb02be5620c40384c40d4d
- SHA256
  
  3af891aa6bfa14e2305956c064d2221bf677bda3ff4e5a6ce1cadb6069bffbd5
- SHA512
  
  c1a75f60b993992a12e6af6369a6509231e4138390ef969cec2cc4daac2101c911ced759e331671254db9329bae018d2fc5be52e63ad30d8a8e7696f9819e252
- SSDEEP
  
  12288:VMrny90+fKP6DNT3FjKPm58CZMsOwOsNMbPYb:KyTSPkh3RKOSCZMsOaDb
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan