amadey | 0851d6bd4a42a4123de6fc3de0809b29451153299e570c5284abb3033585159b | Triage

Resubmissions

22-03-2024 03:57

240322-eh6exagd94 10

22-03-2024 02:25

240322-cwqkhafc56 10

Sharing

General

Target

0851d6bd4a42a4123de6fc3de0809b29451153299e570c5284abb3033585159b
Size

1.8MB
Sample

240322-eh6exagd94
MD5

3deb44decaf4c0c6bae78a603f2b4a71
SHA1

b9ee88f8b78e5d392b48b6a911d5529308173568
SHA256

0851d6bd4a42a4123de6fc3de0809b29451153299e570c5284abb3033585159b
SHA512

eb4b9ab5423e818cedcbbc8b731948b5075df5768b57503b423cd49f10514b218c624feb66ba98ad57a624e00cf16fd04b73162e89cae5d7a5dbe8339f9c778b
SSDEEP

49152:un5E5pxdMwL/kxgLj/jPRdFRrRUvpVuvAexy0C:eE5pM8sxgCBVmAexy0C

Score

10^/10

amadey evasion trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Targets

- Target
  
  0851d6bd4a42a4123de6fc3de0809b29451153299e570c5284abb3033585159b
- Size
  
  1.8MB
- MD5
  
  3deb44decaf4c0c6bae78a603f2b4a71
- SHA1
  
  b9ee88f8b78e5d392b48b6a911d5529308173568
- SHA256
  
  0851d6bd4a42a4123de6fc3de0809b29451153299e570c5284abb3033585159b
- SHA512
  
  eb4b9ab5423e818cedcbbc8b731948b5075df5768b57503b423cd49f10514b218c624feb66ba98ad57a624e00cf16fd04b73162e89cae5d7a5dbe8339f9c778b
- SSDEEP
  
  49152:un5E5pxdMwL/kxgLj/jPRdFRrRUvpVuvAexy0C:eE5pM8sxgCBVmAexy0C
Score

10^/10

amadey evasion trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyevasiontrojan

behavioral2

amadeyevasiontrojan