amadey | 787f789b469f47d66b3a5198b5b243ae24b510c9e9577d0d9e571786d2d1b1f9 | Triage

Sharing

General

Target

y2599304.exe
Size

234KB
Sample

230803-f4lhascf9s
MD5

75bd733f1592c1bfade85b53372629a3
SHA1

28cfc227186b930aed2ff5a1d20c322bb17cacd3
SHA256

787f789b469f47d66b3a5198b5b243ae24b510c9e9577d0d9e571786d2d1b1f9
SHA512

7c935d8f5df5c8bc1c2fe96b293d21ee6b8e1da412f6c14b5f3c8f7b9596987055e56e725588bb05e25b15d082e98c0028b6d1c622c8ea8437bdbe72390ed134
SSDEEP

3072:K8y+bnr+O1B5GWp1icKAArDZz4N9GhbkrNEk1w6D5dMOt7WQqmuXIsj/oc:K8y+bnr+ep0yN90QEBzDQqmSA

Score

10^/10

amadey healer dropper evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Targets

- Target
  
  y2599304.exe
- Size
  
  234KB
- MD5
  
  75bd733f1592c1bfade85b53372629a3
- SHA1
  
  28cfc227186b930aed2ff5a1d20c322bb17cacd3
- SHA256
  
  787f789b469f47d66b3a5198b5b243ae24b510c9e9577d0d9e571786d2d1b1f9
- SHA512
  
  7c935d8f5df5c8bc1c2fe96b293d21ee6b8e1da412f6c14b5f3c8f7b9596987055e56e725588bb05e25b15d082e98c0028b6d1c622c8ea8437bdbe72390ed134
- SSDEEP
  
  3072:K8y+bnr+O1B5GWp1icKAArDZz4N9GhbkrNEk1w6D5dMOt7WQqmuXIsj/oc:K8y+bnr+ep0yN90QEBzDQqmSA
Score

10^/10

amadey healer dropper evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyhealerdropperevasionpersistencetrojan

behavioral2

amadeyhealerdropperevasionpersistencetrojan