amadey | be8fab64ea4cdee143f0740b4d056edf9acd273d375b3b53b077e15604b3b5e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be8fab64ea4cdee143f0740b4d056edf9acd273d375b3b53b077e15604b3b5e7
Size

984KB
Sample

230417-2s416aab2t
MD5

aa93c543f8d6fe4c1d7c2aab5a17fadd
SHA1

e5edcf5e534ddd8d1e0ab5615ebe7e35d5b48787
SHA256

be8fab64ea4cdee143f0740b4d056edf9acd273d375b3b53b077e15604b3b5e7
SHA512

8b36dd5593dae986b570d52dbf6959155c10c5b8260145bbaff5a0368c431bf91edd3829e42b39d17cf707d562e025876b61ecb2ded8e96453a79a7953e14b32
SSDEEP

24576:NyIw46HFgk+yTfF0IQEIrUz3hfz/84+YQpR9TuN:oIP6HFcyTfF0nxrUdfz/YD9T

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  be8fab64ea4cdee143f0740b4d056edf9acd273d375b3b53b077e15604b3b5e7
- Size
  
  984KB
- MD5
  
  aa93c543f8d6fe4c1d7c2aab5a17fadd
- SHA1
  
  e5edcf5e534ddd8d1e0ab5615ebe7e35d5b48787
- SHA256
  
  be8fab64ea4cdee143f0740b4d056edf9acd273d375b3b53b077e15604b3b5e7
- SHA512
  
  8b36dd5593dae986b570d52dbf6959155c10c5b8260145bbaff5a0368c431bf91edd3829e42b39d17cf707d562e025876b61ecb2ded8e96453a79a7953e14b32
- SSDEEP
  
  24576:NyIw46HFgk+yTfF0IQEIrUz3hfz/84+YQpR9TuN:oIP6HFcyTfF0nxrUdfz/YD9T
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan