amadey | 50f8a9b957e9fca887ddc655800288b549c074ace2643736388c9813d9120865 | Triage

Sharing

General

Target

50f8a9b957e9fca887ddc655800288b549c074ace2643736388c9813d9120865
Size

1.0MB
Sample

230411-c5hk9aaa63
MD5

cca6f728e75a6b43c468622f8eaab702
SHA1

24016271d528e55de39fad0fc3345533d11866c8
SHA256

50f8a9b957e9fca887ddc655800288b549c074ace2643736388c9813d9120865
SHA512

e3a98a7a7e27674abb7b11cfaac3fc4572d879001a1b6313680ef62dd9b607dd97f043997010fc9a60dbc7aa5f396b9c3643ee5f0a315b6183dfe55e3a5d98ad
SSDEEP

24576:/yxab8o+Df4lSeqRd3h9uTnrBA4Zh7OFQrMWTMeHskzHE76:KgQoQ9xhIvS4Zh7CWrMk

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

77.91.124.207/plays/chapter/index.php

Targets

- Target
  
  50f8a9b957e9fca887ddc655800288b549c074ace2643736388c9813d9120865
- Size
  
  1.0MB
- MD5
  
  cca6f728e75a6b43c468622f8eaab702
- SHA1
  
  24016271d528e55de39fad0fc3345533d11866c8
- SHA256
  
  50f8a9b957e9fca887ddc655800288b549c074ace2643736388c9813d9120865
- SHA512
  
  e3a98a7a7e27674abb7b11cfaac3fc4572d879001a1b6313680ef62dd9b607dd97f043997010fc9a60dbc7aa5f396b9c3643ee5f0a315b6183dfe55e3a5d98ad
- SSDEEP
  
  24576:/yxab8o+Df4lSeqRd3h9uTnrBA4Zh7OFQrMWTMeHskzHE76:KgQoQ9xhIvS4Zh7CWrMk
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan