amadey | 0887974f81f7e6a1aa7658d37ba02ebdcdb45f84254b6fc19934147a25f02aa0 | Triage

Sharing

General

Target

0887974f81f7e6a1aa7658d37ba02ebdcdb45f84254b6fc19934147a25f02aa0
Size

567KB
Sample

230209-d9yzgaad41
MD5

1f025d14622936b143c32a5cc656f5d8
SHA1

53db56ed2778ec9a39adae10441e406a7c7e27b9
SHA256

0887974f81f7e6a1aa7658d37ba02ebdcdb45f84254b6fc19934147a25f02aa0
SHA512

9859dd3cd8860e7765a6ab4255b4a469baf157f2d87d9ba0150b4e1f1f2aab123b5a42fc9079ee93640579d040dd01e0cefb3719f1e05526be5c3cc0a7b161b0
SSDEEP

12288:0Mrmy90QIimQWlXCHzbPvuoUXG88Lmt7bt:Sy3Ii4XMvuoGG8g675

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  0887974f81f7e6a1aa7658d37ba02ebdcdb45f84254b6fc19934147a25f02aa0
- Size
  
  567KB
- MD5
  
  1f025d14622936b143c32a5cc656f5d8
- SHA1
  
  53db56ed2778ec9a39adae10441e406a7c7e27b9
- SHA256
  
  0887974f81f7e6a1aa7658d37ba02ebdcdb45f84254b6fc19934147a25f02aa0
- SHA512
  
  9859dd3cd8860e7765a6ab4255b4a469baf157f2d87d9ba0150b4e1f1f2aab123b5a42fc9079ee93640579d040dd01e0cefb3719f1e05526be5c3cc0a7b161b0
- SSDEEP
  
  12288:0Mrmy90QIimQWlXCHzbPvuoUXG88Lmt7bt:Sy3Ii4XMvuoGG8g675
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan