amadey | ee511ca7cc073f574952f5894adc8028b701c7caba506b7895f06702e3a28590 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee511ca7cc073f574952f5894adc8028b701c7caba506b7895f06702e3a28590
Size

1.0MB
Sample

230411-gth5vsag52
MD5

5c1d0e35bf1d5e854a8e4776d1786bc2
SHA1

61bb31fdca532e414f0230c9ac7c4058d17ba56f
SHA256

ee511ca7cc073f574952f5894adc8028b701c7caba506b7895f06702e3a28590
SHA512

8427abb197b54b0b27fae4b1e1b308b956c7d5fe1aca396302e8586947b1b9edad963c758e9119ca62b9be439eb6c9162fe87e7fe6c9cc3a4640e4447668bbd0
SSDEEP

24576:Py8/21RpGSYgv9OwDsneU8gpoi5uG+jh4DOOOMXwP6:asEp559yN6i5uDl4yFP

Score

10^/10

amadey evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

77.91.124.207/plays/chapter/index.php

Targets

- Target
  
  ee511ca7cc073f574952f5894adc8028b701c7caba506b7895f06702e3a28590
- Size
  
  1.0MB
- MD5
  
  5c1d0e35bf1d5e854a8e4776d1786bc2
- SHA1
  
  61bb31fdca532e414f0230c9ac7c4058d17ba56f
- SHA256
  
  ee511ca7cc073f574952f5894adc8028b701c7caba506b7895f06702e3a28590
- SHA512
  
  8427abb197b54b0b27fae4b1e1b308b956c7d5fe1aca396302e8586947b1b9edad963c758e9119ca62b9be439eb6c9162fe87e7fe6c9cc3a4640e4447668bbd0
- SSDEEP
  
  24576:Py8/21RpGSYgv9OwDsneU8gpoi5uG+jh4DOOOMXwP6:asEp559yN6i5uDl4yFP
Score

10^/10

amadey evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasionpersistencetrojan