amadey | 2135f8c4487bd40e7348236598f4dfd2fef648cabc0e5a9b74990a9f85eae431 | Triage

Sharing

General

Target

x4350340.exe
Size

277KB
Sample

230904-bxd3esde83
MD5

fd502539db882fced169e65f67a0b7fe
SHA1

67c6de2da96c062fa951673895a987fba3df5819
SHA256

2135f8c4487bd40e7348236598f4dfd2fef648cabc0e5a9b74990a9f85eae431
SHA512

4e7ffa35f0988dabc2f2db38a73557db6d19547e1910dde1f1890bd732a89dc3eda66fd8ea80f43b6796bba11440f5811d44f6b3c75114880036c54e2843edae
SSDEEP

6144:KYy+bnr+4p0yN90QExeI8XniuYKLW0YjrR2auQL:4Mr0y90C7/hUl2A

Score

10^/10

amadey healer dropper evasion persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Attributes

install_dir
b40d11255d
install_file
saves.exe
strings_key
fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Targets

- Target
  
  x4350340.exe
- Size
  
  277KB
- MD5
  
  fd502539db882fced169e65f67a0b7fe
- SHA1
  
  67c6de2da96c062fa951673895a987fba3df5819
- SHA256
  
  2135f8c4487bd40e7348236598f4dfd2fef648cabc0e5a9b74990a9f85eae431
- SHA512
  
  4e7ffa35f0988dabc2f2db38a73557db6d19547e1910dde1f1890bd732a89dc3eda66fd8ea80f43b6796bba11440f5811d44f6b3c75114880036c54e2843edae
- SSDEEP
  
  6144:KYy+bnr+4p0yN90QExeI8XniuYKLW0YjrR2auQL:4Mr0y90C7/hUl2A
Score

10^/10

amadey healer dropper evasion persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyhealerdropperevasionpersistencetrojan

behavioral2

amadeyhealerdropperevasionpersistencetrojan