amadey | 486682aa5310091a4f0e7649292afa8e1c22bfb7cf31c16dacc992da2cc07c1d | Triage

Sharing

General

Target

486682aa5310091a4f0e7649292afa8e1c22bfb7cf31c16dacc992da2cc07c1d
Size

1.4MB
Sample

230416-ge6bvaag21
MD5

fc4c391da15110245f2f3d7721d9020a
SHA1

2efb92606099fd11c6be932a7ed68959cbf1cae5
SHA256

486682aa5310091a4f0e7649292afa8e1c22bfb7cf31c16dacc992da2cc07c1d
SHA512

4b58cccdc79010acaa08701a2e95c37164a4cea1b87f880edf9aabc434e253fd9aff0d092ea38002da9a005a36009170809265f0d79c20c091c3798abf750a68
SSDEEP

24576:9y4O0g8EddKtIekd01WhLDzCOWa+GAOYiuZRuMX+c501sHfKWsiYekyU+06V:YB0f4h7COl+GwiGRudbsSWxYeDPD

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Targets

- Target
  
  486682aa5310091a4f0e7649292afa8e1c22bfb7cf31c16dacc992da2cc07c1d
- Size
  
  1.4MB
- MD5
  
  fc4c391da15110245f2f3d7721d9020a
- SHA1
  
  2efb92606099fd11c6be932a7ed68959cbf1cae5
- SHA256
  
  486682aa5310091a4f0e7649292afa8e1c22bfb7cf31c16dacc992da2cc07c1d
- SHA512
  
  4b58cccdc79010acaa08701a2e95c37164a4cea1b87f880edf9aabc434e253fd9aff0d092ea38002da9a005a36009170809265f0d79c20c091c3798abf750a68
- SSDEEP
  
  24576:9y4O0g8EddKtIekd01WhLDzCOWa+GAOYiuZRuMX+c501sHfKWsiYekyU+06V:YB0f4h7COl+GwiGRudbsSWxYeDPD
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan