General

  • Target

    007ddb263778b83095083214594abf9e20964ebba9d3f5f7b91644b545018580

  • Size

    558KB

  • Sample

    230207-cs4yqacb9y

  • MD5

    a9c99abba6b25d4934195e6ef1dc877a

  • SHA1

    3681d1af8e0147e3e56b85b170beb1fec607f26a

  • SHA256

    007ddb263778b83095083214594abf9e20964ebba9d3f5f7b91644b545018580

  • SHA512

    9f32e65fad72d0bfc4fba345dad29cbe0fd42ba46c7c23f600d9c1e9a6e1aa779e5d14bee453d228df072006f110bb7821a854a60fa9fcd7faf9af55c4e43b09

  • SSDEEP

    12288:4Mrfy90k28Pi9kbJ0hIk0kzUCYTsOOaq+ru:ny+9kqjbwCYTsO2+C

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.66

  • C2

    62.204.41.5/Bu58Ngs/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6