amadey | 4ea2670fe6ff4161713d598dd8f0c284b9a1c256666e8df1384ecc5631a76ea2 | Triage

Sharing

General

Target

4ea2670fe6ff4161713d598dd8f0c284b9a1c256666e8df1384ecc5631a76ea2
Size

558KB
Sample

230207-bz5yxsca8y
MD5

de0950e00603a5b496c0388c667e488c
SHA1

525101a0d93a3ba608d001ec28e58ec3c8cc5396
SHA256

4ea2670fe6ff4161713d598dd8f0c284b9a1c256666e8df1384ecc5631a76ea2
SHA512

0bb91fedc5e474f82efbec458dd33cf2abb0135186345f42a3f00d4327414c878327fc9e68ea8d6f8e37d01743e524cf28b8e2e1f5bf0825c28b5ba3670f559b
SSDEEP

12288:/MrTy90t7Flk+BgpCxUSHCcdsOYJkMaXtAgHisWwti:oyUZXcCxtCcdsODXtAGisWwti

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  4ea2670fe6ff4161713d598dd8f0c284b9a1c256666e8df1384ecc5631a76ea2
- Size
  
  558KB
- MD5
  
  de0950e00603a5b496c0388c667e488c
- SHA1
  
  525101a0d93a3ba608d001ec28e58ec3c8cc5396
- SHA256
  
  4ea2670fe6ff4161713d598dd8f0c284b9a1c256666e8df1384ecc5631a76ea2
- SHA512
  
  0bb91fedc5e474f82efbec458dd33cf2abb0135186345f42a3f00d4327414c878327fc9e68ea8d6f8e37d01743e524cf28b8e2e1f5bf0825c28b5ba3670f559b
- SSDEEP
  
  12288:/MrTy90t7Flk+BgpCxUSHCcdsOYJkMaXtAgHisWwti:oyUZXcCxtCcdsODXtAGisWwti
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan