amadey | 7d1e736b876ad9f4effc5736323bbb1db9d53b49abda5a13d238cbe5f56e136c | Triage

Resubmissions

29-03-2024 01:20

240329-bqfyfadg3y 10

28-03-2024 22:34

240328-2hk6asbb74 10

Sharing

General

Target

7d1e736b876ad9f4effc5736323bbb1db9d53b49abda5a13d238cbe5f56e136c
Size

1.8MB
Sample

240329-bqfyfadg3y
MD5

b8b5138dc6f97136cfebece16f80203d
SHA1

e020d3ac6d101791801e8ce8c921a5f54f78abf5
SHA256

7d1e736b876ad9f4effc5736323bbb1db9d53b49abda5a13d238cbe5f56e136c
SHA512

f26e295c0845b57520ee8392761c532527ca41974f68f189bb37637b45455edceb098ca23d2952e495635719a8da8a39d86d880467bc6ad79071afd870dd9877
SSDEEP

49152:6Bb/umIpUjoMJSb1MFkc5eCohVvb+22WBtsDSHLjgAgtZ:6B/zI3RW6c+hVJ2OymwjZ

Score

10^/10

amadey evasion trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Targets

- Target
  
  7d1e736b876ad9f4effc5736323bbb1db9d53b49abda5a13d238cbe5f56e136c
- Size
  
  1.8MB
- MD5
  
  b8b5138dc6f97136cfebece16f80203d
- SHA1
  
  e020d3ac6d101791801e8ce8c921a5f54f78abf5
- SHA256
  
  7d1e736b876ad9f4effc5736323bbb1db9d53b49abda5a13d238cbe5f56e136c
- SHA512
  
  f26e295c0845b57520ee8392761c532527ca41974f68f189bb37637b45455edceb098ca23d2952e495635719a8da8a39d86d880467bc6ad79071afd870dd9877
- SSDEEP
  
  49152:6Bb/umIpUjoMJSb1MFkc5eCohVvb+22WBtsDSHLjgAgtZ:6B/zI3RW6c+hVJ2OymwjZ
Score

10^/10

amadey evasion trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadeyevasiontrojan

behavioral2

amadeyevasiontrojan