amadey | 323cae04b99d36505b632ecc064d0ebf5426c9d1134eec2e841f4d5ee06e5131 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

323cae04b99d36505b632ecc064d0ebf5426c9d1134eec2e841f4d5ee06e5131
Size

2.2MB
Sample

230208-z5ynssge89
MD5

5368c3ce0325ceeafacc7967b9c2413b
SHA1

eee709697c76f9bb1d3bcd14d7f431789fb42f19
SHA256

323cae04b99d36505b632ecc064d0ebf5426c9d1134eec2e841f4d5ee06e5131
SHA512

8c3352030dc212d2ca2884ab5c335fb1add54e54a0310e321a4536248d2b0eb711da871c35ba83814c655b50773800baab220c50bfed4eff4b347a2edfe3e3de
SSDEEP

49152:ahf2wAmdjBabAJ+QWupx6zo07OpTOxqADmIzmrDQxLmtaZ/XVbdisxlwi:vwj4AU1OAoeOUBEQxLm+/XbZxlw

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

- Target
  
  323cae04b99d36505b632ecc064d0ebf5426c9d1134eec2e841f4d5ee06e5131
- Size
  
  2.2MB
- MD5
  
  5368c3ce0325ceeafacc7967b9c2413b
- SHA1
  
  eee709697c76f9bb1d3bcd14d7f431789fb42f19
- SHA256
  
  323cae04b99d36505b632ecc064d0ebf5426c9d1134eec2e841f4d5ee06e5131
- SHA512
  
  8c3352030dc212d2ca2884ab5c335fb1add54e54a0310e321a4536248d2b0eb711da871c35ba83814c655b50773800baab220c50bfed4eff4b347a2edfe3e3de
- SSDEEP
  
  49152:ahf2wAmdjBabAJ+QWupx6zo07OpTOxqADmIzmrDQxLmtaZ/XVbdisxlwi:vwj4AU1OAoeOUBEQxLm+/XbZxlw
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan