amadey | 82a5250b63e074f87046c45d1ddfc3e52bf42b042fb8b4a27fef6d3641c1a2e3 | Triage

Sharing

General

Target

82a5250b63e074f87046c45d1ddfc3e52bf42b042fb8b4a27fef6d3641c1a2e3
Size

942KB
Sample

230415-td291sgc4t
MD5

a7c65625f3b87175559429c5d6bb8099
SHA1

db69cc4de86807eb7c5ec9923326611c987c4b14
SHA256

82a5250b63e074f87046c45d1ddfc3e52bf42b042fb8b4a27fef6d3641c1a2e3
SHA512

50143428fce88658ac6cbb59c02feb9b1436e97ff3c4321b43c72226c6112c5bb56673cbd56958eac259a9a693d3e0dba3feddf1b2c21c0626aee2b95cd074d2
SSDEEP

12288:jy902HjUph33sQt0E7YWXLqMk2yi17wOOY2PhGEU6Y/t5XsWiw6BzeI4kUJwYZ9Q:jy7wph33ft9VL/1EW2PPEaWbgFTfn

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  82a5250b63e074f87046c45d1ddfc3e52bf42b042fb8b4a27fef6d3641c1a2e3
- Size
  
  942KB
- MD5
  
  a7c65625f3b87175559429c5d6bb8099
- SHA1
  
  db69cc4de86807eb7c5ec9923326611c987c4b14
- SHA256
  
  82a5250b63e074f87046c45d1ddfc3e52bf42b042fb8b4a27fef6d3641c1a2e3
- SHA512
  
  50143428fce88658ac6cbb59c02feb9b1436e97ff3c4321b43c72226c6112c5bb56673cbd56958eac259a9a693d3e0dba3feddf1b2c21c0626aee2b95cd074d2
- SSDEEP
  
  12288:jy902HjUph33sQt0E7YWXLqMk2yi17wOOY2PhGEU6Y/t5XsWiw6BzeI4kUJwYZ9Q:jy7wph33ft9VL/1EW2PPEaWbgFTfn
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan