amadey | e7c2703d355a9bf40e83f072ed7d92b5d9b2657b77093feedb8eb46f4f645701 | Triage

Sharing

General

Target

e7c2703d355a9bf40e83f072ed7d92b5d9b2657b77093feedb8eb46f4f645701
Size

558KB
Sample

230207-cc5v3sha35
MD5

c6881cd45b37377958838eec60f8986a
SHA1

0ce028737f59b061d368a115e901301947cce281
SHA256

e7c2703d355a9bf40e83f072ed7d92b5d9b2657b77093feedb8eb46f4f645701
SHA512

e2a4991f4e7333881f29625c62ef23f1c23b649617cba05e5a22fe327a64820bf3342401f3fa15b76bab0739d292ad6be90872c8f5c625c40dd15e7d7c60a0f8
SSDEEP

6144:KKy+bnr+xp0yN90QEKJNzBlon+bwq8pv/xnwUf0Nv4CTAhsOS/lyaB08ktM7bt0y:yMrly90iponmghnwUMOCTGsOOuUbykD

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  e7c2703d355a9bf40e83f072ed7d92b5d9b2657b77093feedb8eb46f4f645701
- Size
  
  558KB
- MD5
  
  c6881cd45b37377958838eec60f8986a
- SHA1
  
  0ce028737f59b061d368a115e901301947cce281
- SHA256
  
  e7c2703d355a9bf40e83f072ed7d92b5d9b2657b77093feedb8eb46f4f645701
- SHA512
  
  e2a4991f4e7333881f29625c62ef23f1c23b649617cba05e5a22fe327a64820bf3342401f3fa15b76bab0739d292ad6be90872c8f5c625c40dd15e7d7c60a0f8
- SSDEEP
  
  6144:KKy+bnr+xp0yN90QEKJNzBlon+bwq8pv/xnwUf0Nv4CTAhsOS/lyaB08ktM7bt0y:yMrly90iponmghnwUMOCTGsOOuUbykD
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan