amadey | 6d5e2bae63128e395ff6a57d8c3a72465eaec3d628670b2f081c145aa5b9599d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6d5e2bae63128e395ff6a57d8c3a72465eaec3d628670b2f081c145aa5b9599d
Size

526KB
Sample

230207-gfhxyahe76
MD5

940d511726906e57257de75ed00c75d0
SHA1

557b2518f8f8e60796a759fb361f66cc48e81948
SHA256

6d5e2bae63128e395ff6a57d8c3a72465eaec3d628670b2f081c145aa5b9599d
SHA512

7d7b18b91d67099120502f7993ab7b88efe604e9cf1459d1315c48730336430dff77207d82205a1227c93d1fd48b2b9e34585085438c184492700a67a609840b
SSDEEP

12288:EMrfy90sEOoky7xazOnpd9U7jAQqj77LhcG38OOz:byPoky7xazOz9UvAQG7p8Tz

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  6d5e2bae63128e395ff6a57d8c3a72465eaec3d628670b2f081c145aa5b9599d
- Size
  
  526KB
- MD5
  
  940d511726906e57257de75ed00c75d0
- SHA1
  
  557b2518f8f8e60796a759fb361f66cc48e81948
- SHA256
  
  6d5e2bae63128e395ff6a57d8c3a72465eaec3d628670b2f081c145aa5b9599d
- SHA512
  
  7d7b18b91d67099120502f7993ab7b88efe604e9cf1459d1315c48730336430dff77207d82205a1227c93d1fd48b2b9e34585085438c184492700a67a609840b
- SSDEEP
  
  12288:EMrfy90sEOoky7xazOnpd9U7jAQqj77LhcG38OOz:byPoky7xazOz9UvAQG7p8Tz
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan