amadey | db0f2fc56853ddbdcad90167a96534cbd570bbde1f09967c1e2b5528656a39e7 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

db0f2fc56853ddbdcad90167a96534cbd570bbde1f09967c1e2b5528656a39e7
Size

1.1MB
Sample

230423-tkwqtaed77
MD5

b5a1c2ceaf8d6e7842dbc2b210c714da
SHA1

3e3ce156a2705f43c722e5902df49bbc477f7936
SHA256

db0f2fc56853ddbdcad90167a96534cbd570bbde1f09967c1e2b5528656a39e7
SHA512

b4ab6105d5719669cc65fe752f85c88e0ff2fc6c66475de500e7fe7899b2f31be93225cd12d471454d9d8cace4e0793a01da07c98044e4f9fb6c46e4c1cfcdc9
SSDEEP

24576:9yJEtSve87Bc1vt21sJxNdO+ISM+qvMTqnaSzzeF24ULiS:YJEMve89vMNdO+ZM10Tua5I

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

db0f2fc56853ddbdcad90167a96534cbd570bbde1f09967c1e2b5528656a39e7.exe

Resource

win10v2004-20230220-en

amadey discovery evasion persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  db0f2fc56853ddbdcad90167a96534cbd570bbde1f09967c1e2b5528656a39e7
- Size
  
  1.1MB
- MD5
  
  b5a1c2ceaf8d6e7842dbc2b210c714da
- SHA1
  
  3e3ce156a2705f43c722e5902df49bbc477f7936
- SHA256
  
  db0f2fc56853ddbdcad90167a96534cbd570bbde1f09967c1e2b5528656a39e7
- SHA512
  
  b4ab6105d5719669cc65fe752f85c88e0ff2fc6c66475de500e7fe7899b2f31be93225cd12d471454d9d8cace4e0793a01da07c98044e4f9fb6c46e4c1cfcdc9
- SSDEEP
  
  24576:9yJEtSve87Bc1vt21sJxNdO+ISM+qvMTqnaSzzeF24ULiS:YJEMve89vMNdO+ZM10Tua5I
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy