amadey | 6323aef8348b30adff08ea09103e2a752792da5fd4fa3fdd7b12dd038a534d96 | Triage

Sharing

General

Target

6323aef8348b30adff08ea09103e2a752792da5fd4fa3fdd7b12dd038a534d96
Size

558KB
Sample

230207-c653yacc4z
MD5

632ea1dbd091a3939d67ce93de32e24c
SHA1

95794ed9356f0d80b68b839381ed2d5cec09e24e
SHA256

6323aef8348b30adff08ea09103e2a752792da5fd4fa3fdd7b12dd038a534d96
SHA512

3ad90c111445bfd86a13e92c16811032fd68ff86cd6983428beeaf7944f4e9e8776147f26240952a2d4319fa646f5e6342c92b6dfe90b5093ce4e3aa3d510f9e
SSDEEP

12288:8Mray90pnM3VSQ4W2jDEpr22T/lcS9LCl0NrCOIu:2ymnaVx4W2jD4DT59LCErCy

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  6323aef8348b30adff08ea09103e2a752792da5fd4fa3fdd7b12dd038a534d96
- Size
  
  558KB
- MD5
  
  632ea1dbd091a3939d67ce93de32e24c
- SHA1
  
  95794ed9356f0d80b68b839381ed2d5cec09e24e
- SHA256
  
  6323aef8348b30adff08ea09103e2a752792da5fd4fa3fdd7b12dd038a534d96
- SHA512
  
  3ad90c111445bfd86a13e92c16811032fd68ff86cd6983428beeaf7944f4e9e8776147f26240952a2d4319fa646f5e6342c92b6dfe90b5093ce4e3aa3d510f9e
- SSDEEP
  
  12288:8Mray90pnM3VSQ4W2jDEpr22T/lcS9LCl0NrCOIu:2ymnaVx4W2jD4DT59LCErCy
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan