amadey | 45367ea5407de2b6c3ad4b1f2eeb252c9cd28f752da5f4f36455720d4d2f787d | Triage

Sharing

General

Target

45367ea5407de2b6c3ad4b1f2eeb252c9cd28f752da5f4f36455720d4d2f787d
Size

525KB
Sample

230207-t9d73acf89
MD5

d8aa24ee18f9fc10e27470a736555e42
SHA1

de472fd7abdd516c3d9fc66cb2d148384609abb3
SHA256

45367ea5407de2b6c3ad4b1f2eeb252c9cd28f752da5f4f36455720d4d2f787d
SHA512

27c004509ffcade2180e733772b8c911ab6dd634b1b510c3e47bd4fab5f4df46519c87ca074b8b6dcacbf4f273c57d27d88d3bcc9c66003df9cfa2f44b794df6
SSDEEP

12288:fMrgy901GXiqAVRHaPCSSic8AqLB0jQ4:LyoYiqAVkxN6jl

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  45367ea5407de2b6c3ad4b1f2eeb252c9cd28f752da5f4f36455720d4d2f787d
- Size
  
  525KB
- MD5
  
  d8aa24ee18f9fc10e27470a736555e42
- SHA1
  
  de472fd7abdd516c3d9fc66cb2d148384609abb3
- SHA256
  
  45367ea5407de2b6c3ad4b1f2eeb252c9cd28f752da5f4f36455720d4d2f787d
- SHA512
  
  27c004509ffcade2180e733772b8c911ab6dd634b1b510c3e47bd4fab5f4df46519c87ca074b8b6dcacbf4f273c57d27d88d3bcc9c66003df9cfa2f44b794df6
- SSDEEP
  
  12288:fMrgy901GXiqAVRHaPCSSic8AqLB0jQ4:LyoYiqAVkxN6jl
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan