amadey | 2a63c290a4d1a4a2545b2152d7444bdaf8e0a916c73ae1500505d1de885d3999 | Triage

Sharing

General

Target

file.exe
Size

566KB
Sample

230208-kr54dshh24
MD5

7a457cb4647ea555932bf1413cafe849
SHA1

0891c4657575ae94af9d93e5d4dfa0bc4c92fe98
SHA256

2a63c290a4d1a4a2545b2152d7444bdaf8e0a916c73ae1500505d1de885d3999
SHA512

536adc7f89d1e47e10875e65d8a0d9778de13592a25ea5525a326d77f9f0e14fd05569cfadabe5848985731aaf8f40440f4bdbb80aad2642a2b1c5235dce7f62
SSDEEP

12288:HMrIy90X50B6ClVDv1U2QTXIj62d456V+PrNE7L6ypOIT07V:PykiV5U2aOLML2LrX0J

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  file.exe
- Size
  
  566KB
- MD5
  
  7a457cb4647ea555932bf1413cafe849
- SHA1
  
  0891c4657575ae94af9d93e5d4dfa0bc4c92fe98
- SHA256
  
  2a63c290a4d1a4a2545b2152d7444bdaf8e0a916c73ae1500505d1de885d3999
- SHA512
  
  536adc7f89d1e47e10875e65d8a0d9778de13592a25ea5525a326d77f9f0e14fd05569cfadabe5848985731aaf8f40440f4bdbb80aad2642a2b1c5235dce7f62
- SSDEEP
  
  12288:HMrIy90X50B6ClVDv1U2QTXIj62d456V+PrNE7L6ypOIT07V:PykiV5U2aOLML2LrX0J
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan

behavioral2

amadeyevasionpersistencetrojan