General

  • Target

    file.exe

  • Size

    525KB

  • Sample

    230208-e4s2psgf4x

  • MD5

    c037d6b45c7b599393771df4ca24b60b

  • SHA1

    9b2d7fd4ff653fc41af9c65cbc7f081f07c92f25

  • SHA256

    db423c489a2fb6832059d6927b7e58e970c73c988fd395512263561327033832

  • SHA512

    1085b33c6f37bbe7281e980d2cfd6dd9db0ce9da7d5e042541350d6f308410246d4061e127863c4b4046aed4efc56e86bb97c73ccef2ca1e9d5b943a5898d527

  • SSDEEP

    12288:hMrpy90IdBAI18PltyLyIEClQAopZw9vtfV:IyjqiLYpFmvL

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.66

  • C2

    62.204.41.4/Gol478Ns/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
