Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53534d4ff235ed998ec63aeb9c505403b98e8b85be38bc007602f1ded3bca387

  • Size

    558KB

  • Sample

    230207-dbczcahb44

  • MD5

    402995e98a997636b716f63b1eb0ac21

  • SHA1

    42f3dba86c6c294501c0349050105897507226d4

  • SHA256

    53534d4ff235ed998ec63aeb9c505403b98e8b85be38bc007602f1ded3bca387

  • SHA512

    524f73ebb592b733af537b2a974e0da7d8fb312c2c6ac68266a66b55d8e9defd4c0f0aff7cfb1450c368d001a712a8cc3e063ca66edbc290a85e65158e366784

  • SSDEEP

    12288:uMrvy90SXTukmeT5+6EjDLYr223/lISLGzvu4GHpVD4:5y0egjD8D31LGbyJG

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      53534d4ff235ed998ec63aeb9c505403b98e8b85be38bc007602f1ded3bca387

    • Size

      558KB

    • MD5

      402995e98a997636b716f63b1eb0ac21

    • SHA1

      42f3dba86c6c294501c0349050105897507226d4

    • SHA256

      53534d4ff235ed998ec63aeb9c505403b98e8b85be38bc007602f1ded3bca387

    • SHA512

      524f73ebb592b733af537b2a974e0da7d8fb312c2c6ac68266a66b55d8e9defd4c0f0aff7cfb1450c368d001a712a8cc3e063ca66edbc290a85e65158e366784

    • SSDEEP

      12288:uMrvy90SXTukmeT5+6EjDLYr223/lISLGzvu4GHpVD4:5y0egjD8D31LGbyJG

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks