amadey | afa34b3368467d6ef49c6b67fa3373db151ad1b50865ed862dee30d65aa129b3 | Triage

Sharing

General

Target

afa34b3368467d6ef49c6b67fa3373db151ad1b50865ed862dee30d65aa129b3
Size

525KB
Sample

230209-j2mjcsbb8y
MD5

3b96bdfcfb1526637c8e102d025948fd
SHA1

6a7f1d63c850f6b7c9ee7434030d78016952d4d6
SHA256

afa34b3368467d6ef49c6b67fa3373db151ad1b50865ed862dee30d65aa129b3
SHA512

50914d5fa1b8936eec7d40a864189ba0cd8a7d1d50038caadfc4c93f5f1a5d79e538e17156812deb661debb205f26ddc55e09946c9b8ca56152b3bfacff7402d
SSDEEP

12288:FMrmy90lcl6CFoQiCRsB6thS2ubQdeWI1:LywDCCQjubMk

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

- Target
  
  afa34b3368467d6ef49c6b67fa3373db151ad1b50865ed862dee30d65aa129b3
- Size
  
  525KB
- MD5
  
  3b96bdfcfb1526637c8e102d025948fd
- SHA1
  
  6a7f1d63c850f6b7c9ee7434030d78016952d4d6
- SHA256
  
  afa34b3368467d6ef49c6b67fa3373db151ad1b50865ed862dee30d65aa129b3
- SHA512
  
  50914d5fa1b8936eec7d40a864189ba0cd8a7d1d50038caadfc4c93f5f1a5d79e538e17156812deb661debb205f26ddc55e09946c9b8ca56152b3bfacff7402d
- SSDEEP
  
  12288:FMrmy90lcl6CFoQiCRsB6thS2ubQdeWI1:LywDCCQjubMk
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan