amadey | 095d2c5710be363e34a1933153a9d583c59088f0a3990f6c8c91dfdafcdab72d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

095d2c5710be363e34a1933153a9d583c59088f0a3990f6c8c91dfdafcdab72d
Size

843KB
Sample

230417-v8zytafd42
MD5

63d9acb941cef3cba4f9359d7d4ca500
SHA1

5fa3bc268345377fcd41ee2b3371913085aef9a9
SHA256

095d2c5710be363e34a1933153a9d583c59088f0a3990f6c8c91dfdafcdab72d
SHA512

f31386c6736c5b97cff24ff73d9449cc5696fce5abdfdcadbcb90e6cc868e6bae173d59bb0f4a26522f82e9c56eec273c166dac96a1af0c57394db0f1f58b1a3
SSDEEP

12288:Jy90f0EVENcTjwoBzet9kmwGn15+1mlQjsqIOb8yfXY2AKNhwGZVESqzj:JygV7TTejkFG15H8TDfI2A4hLNqH

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  095d2c5710be363e34a1933153a9d583c59088f0a3990f6c8c91dfdafcdab72d
- Size
  
  843KB
- MD5
  
  63d9acb941cef3cba4f9359d7d4ca500
- SHA1
  
  5fa3bc268345377fcd41ee2b3371913085aef9a9
- SHA256
  
  095d2c5710be363e34a1933153a9d583c59088f0a3990f6c8c91dfdafcdab72d
- SHA512
  
  f31386c6736c5b97cff24ff73d9449cc5696fce5abdfdcadbcb90e6cc868e6bae173d59bb0f4a26522f82e9c56eec273c166dac96a1af0c57394db0f1f58b1a3
- SSDEEP
  
  12288:Jy90f0EVENcTjwoBzet9kmwGn15+1mlQjsqIOb8yfXY2AKNhwGZVESqzj:JygV7TTejkFG15H8TDfI2A4hLNqH
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan