amadey | e02e57908d663a421032437b13242a71ed5114efade6532d862140709463495e | Triage

Resubmissions

11-03-2024 03:32

240311-d33zvabb68 10

06-03-2024 05:01

240306-fn1x2scg89 10

Sharing

General

Target

e02e57908d663a421032437b13242a71ed5114efade6532d862140709463495e
Size

1.9MB
Sample

240311-d33zvabb68
MD5

cac99a7d6e2694ba5d3f1caebcba4289
SHA1

534a59ecaa69f5de4f2a1da7253d2de8b312437b
SHA256

e02e57908d663a421032437b13242a71ed5114efade6532d862140709463495e
SHA512

f22e15137d0d26fe8551a978cf56a1939e1d931a54c5b52ece960417d35b48b42a4f86bc3ddc88c7239a2e6a0a9d6e7a7f11ce565be7d674b03e9ab1053f42ae
SSDEEP

49152:sQWcrWKywF/4n9wTJjutAPgX8Pqrk1zkYytszE:sOWJSTJ1oXVrukZd

Score

10^/10

amadey evasion trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Targets

- Target
  
  e02e57908d663a421032437b13242a71ed5114efade6532d862140709463495e
- Size
  
  1.9MB
- MD5
  
  cac99a7d6e2694ba5d3f1caebcba4289
- SHA1
  
  534a59ecaa69f5de4f2a1da7253d2de8b312437b
- SHA256
  
  e02e57908d663a421032437b13242a71ed5114efade6532d862140709463495e
- SHA512
  
  f22e15137d0d26fe8551a978cf56a1939e1d931a54c5b52ece960417d35b48b42a4f86bc3ddc88c7239a2e6a0a9d6e7a7f11ce565be7d674b03e9ab1053f42ae
- SSDEEP
  
  49152:sQWcrWKywF/4n9wTJjutAPgX8Pqrk1zkYytszE:sOWJSTJ1oXVrukZd
Score

10^/10

amadey evasion trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasiontrojan

behavioral2

amadeyevasiontrojan