amadey | 11ff4f5844556a72235e5f8f74f2e87f4bfb9b6f74d0212b469752d8e815d067 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11ff4f5844556a72235e5f8f74f2e87f4bfb9b6f74d0212b469752d8e815d067
Size

525KB
Sample

230208-d6pavsge2x
MD5

a928eefd1a9398d3a16a5e8568392c92
SHA1

65ab063797ffd6921e6ba98fbed8cf40fef88c11
SHA256

11ff4f5844556a72235e5f8f74f2e87f4bfb9b6f74d0212b469752d8e815d067
SHA512

00d50170ad0afb8121a62387d4a3ef3fd9e035f3e198f6e497c89d96ee034e0b78ca7125d7c83819f98f328c18444bacc73f614759aa2c515bfb76fd5bced5a0
SSDEEP

12288:lMrSy90DdWRVc7lozhJfmrQDLiG4864mYfnBhEXROdFi2L13Dr:3y8d2ValotJWKY4m4hEX8M2L5r

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  11ff4f5844556a72235e5f8f74f2e87f4bfb9b6f74d0212b469752d8e815d067
- Size
  
  525KB
- MD5
  
  a928eefd1a9398d3a16a5e8568392c92
- SHA1
  
  65ab063797ffd6921e6ba98fbed8cf40fef88c11
- SHA256
  
  11ff4f5844556a72235e5f8f74f2e87f4bfb9b6f74d0212b469752d8e815d067
- SHA512
  
  00d50170ad0afb8121a62387d4a3ef3fd9e035f3e198f6e497c89d96ee034e0b78ca7125d7c83819f98f328c18444bacc73f614759aa2c515bfb76fd5bced5a0
- SSDEEP
  
  12288:lMrSy90DdWRVc7lozhJfmrQDLiG4864mYfnBhEXROdFi2L13Dr:3y8d2ValotJWKY4m4hEX8M2L5r
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan