amadey | 73c8c6f74db38fbcf64f7262bce4d397b86aca9444650d7e4f347b0606b1a78f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

load_security.exe
Size

16.2MB
Sample

240422-n4c5xsah85
MD5

41e8a14eb9ad7c9f656065bef52df9d7
SHA1

735adabfcf3943d590717609d0058c8edd860073
SHA256

73c8c6f74db38fbcf64f7262bce4d397b86aca9444650d7e4f347b0606b1a78f
SHA512

2412062cf4db8f6d0f22dd96b64f73a85eace2f1ee36ebd0c8e9a895aa033a90d29153f9d11b282b0852a557c64d1f071d1e03c5a13cf8f61bf89ac3e1a6cca6
SSDEEP

196608:z0bq45mXYPrOLaw1VXyYgqd3g6V+xqoS/nWsSRCou7GXIaHZZ:Ibq4oojOLauyNqdw6QxqoQAL

Score

10^/10

amadey evasion trojan

Malware Config

Extracted

Family

amadey

Version

4.19

C2

http://185.42.163.120

Attributes

install_dir
523396b48f
install_file
Dctooux.exe
strings_key
18dd67cb11d29c8641cb5acf7e8a715f
url_paths
/8bjndDcoA3/index.php

rc4.plain

Targets

- Target
  
  load_security.exe
- Size
  
  16.2MB
- MD5
  
  41e8a14eb9ad7c9f656065bef52df9d7
- SHA1
  
  735adabfcf3943d590717609d0058c8edd860073
- SHA256
  
  73c8c6f74db38fbcf64f7262bce4d397b86aca9444650d7e4f347b0606b1a78f
- SHA512
  
  2412062cf4db8f6d0f22dd96b64f73a85eace2f1ee36ebd0c8e9a895aa033a90d29153f9d11b282b0852a557c64d1f071d1e03c5a13cf8f61bf89ac3e1a6cca6
- SSDEEP
  
  196608:z0bq45mXYPrOLaw1VXyYgqd3g6V+xqoS/nWsSRCou7GXIaHZZ:Ibq4oojOLauyNqdw6QxqoQAL
Score

10^/10

evasion trojan amadey
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadeyevasiontrojan