amadey | 728680d2b009f96df9c5cc0d867531f437a54352e0e66d67fe2269d0df793cb5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

566KB
Sample

230208-f9z8msgg41
MD5

f52a0bd187425ea34e0e57c3f989674d
SHA1

6d21e538eaafbe33d2d5ed1eaa603988edf37744
SHA256

728680d2b009f96df9c5cc0d867531f437a54352e0e66d67fe2269d0df793cb5
SHA512

55b088cfd8973d83a433e0e9e44ee535bc71e1f5d3f25854850ed54b6ba720c85402c2b62c64bca83fe62dcdf5db0ce48e587cffc7a3ef36a5ef8d11a1604a8d
SSDEEP

12288:0MrAy90pSjNt5CpUDJUrdAJBvQLMy4xVAggiXXL6dvpK:kyfjNKUCrdQ5QLt4wCr6dBK

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  file.exe
- Size
  
  566KB
- MD5
  
  f52a0bd187425ea34e0e57c3f989674d
- SHA1
  
  6d21e538eaafbe33d2d5ed1eaa603988edf37744
- SHA256
  
  728680d2b009f96df9c5cc0d867531f437a54352e0e66d67fe2269d0df793cb5
- SHA512
  
  55b088cfd8973d83a433e0e9e44ee535bc71e1f5d3f25854850ed54b6ba720c85402c2b62c64bca83fe62dcdf5db0ce48e587cffc7a3ef36a5ef8d11a1604a8d
- SSDEEP
  
  12288:0MrAy90pSjNt5CpUDJUrdAJBvQLMy4xVAggiXXL6dvpK:kyfjNKUCrdQ5QLt4wCr6dBK
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan

behavioral2

amadeyevasionpersistencetrojan