amadey | 89fa122a017b99c59beb0ab39e8aca9205978410e8ca9c230a114bafbab21992 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89fa122a017b99c59beb0ab39e8aca9205978410e8ca9c230a114bafbab21992
Size

815KB
Sample

230421-17vklaac77
MD5

17cacd771fe30050908f29e25cdc9304
SHA1

bf0e2bd303a5db056206a4c186c7b653a743a25e
SHA256

89fa122a017b99c59beb0ab39e8aca9205978410e8ca9c230a114bafbab21992
SHA512

7e0997952863f8a8353ad593f123b256bc1e23df2278b179af8cc6df13090e4b8f2be40468f66ff54aad05926fe61e0b212d6060a646904a17e34bc3c2fc7997
SSDEEP

12288:Ey90b+EopwsEaQF4cG2hxECWWTLiShswEhoxKVyCm6hEYMVRKMDGOZ:EyoV14cErY3sRhocVyCDherKMDz

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  89fa122a017b99c59beb0ab39e8aca9205978410e8ca9c230a114bafbab21992
- Size
  
  815KB
- MD5
  
  17cacd771fe30050908f29e25cdc9304
- SHA1
  
  bf0e2bd303a5db056206a4c186c7b653a743a25e
- SHA256
  
  89fa122a017b99c59beb0ab39e8aca9205978410e8ca9c230a114bafbab21992
- SHA512
  
  7e0997952863f8a8353ad593f123b256bc1e23df2278b179af8cc6df13090e4b8f2be40468f66ff54aad05926fe61e0b212d6060a646904a17e34bc3c2fc7997
- SSDEEP
  
  12288:Ey90b+EopwsEaQF4cG2hxECWWTLiShswEhoxKVyCm6hEYMVRKMDGOZ:EyoV14cErY3sRhocVyCDherKMDz
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan

behavioral2

amadeydiscoveryevasionpersistencespywarestealertrojan