amadey | b6b5c554fc3d560ff33019c81c92d49c7c1acacd57276f3a1ba133fe97e6f6f0 | Triage

Sharing

General

Target

b6b5c554fc3d560ff33019c81c92d49c7c1acacd57276f3a1ba133fe97e6f6f0
Size

526KB
Sample

230207-gwtpdahf69
MD5

9ff9e445a7540232f017b508795b1291
SHA1

070888336befb7d39c96ac60906047491a53e576
SHA256

b6b5c554fc3d560ff33019c81c92d49c7c1acacd57276f3a1ba133fe97e6f6f0
SHA512

7db7714b2762342ab534c60c79c12edc370f9ed3949f1243bf0bbd7d2b1e802a233cd692f813ee288cbe20548458790ad61c82e8ea48dda781ce0bd9780c5b2c
SSDEEP

12288:tMr4y90QYWRczui3vtD6pgH7jAQqj7YLhcGua2vcnfcaaH:RyVn/i3lD6pCvAQGYoabnzG

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  b6b5c554fc3d560ff33019c81c92d49c7c1acacd57276f3a1ba133fe97e6f6f0
- Size
  
  526KB
- MD5
  
  9ff9e445a7540232f017b508795b1291
- SHA1
  
  070888336befb7d39c96ac60906047491a53e576
- SHA256
  
  b6b5c554fc3d560ff33019c81c92d49c7c1acacd57276f3a1ba133fe97e6f6f0
- SHA512
  
  7db7714b2762342ab534c60c79c12edc370f9ed3949f1243bf0bbd7d2b1e802a233cd692f813ee288cbe20548458790ad61c82e8ea48dda781ce0bd9780c5b2c
- SSDEEP
  
  12288:tMr4y90QYWRczui3vtD6pgH7jAQqj7YLhcGua2vcnfcaaH:RyVn/i3lD6pCvAQGYoabnzG
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan