General
-
Target
5abccf6b1cdcdb5eff6c00de089850a6f81b0813f2afc3b79d4d681defdabf95.exe
-
Size
50KB
-
Sample
210330-4ebwtxlqyx
-
MD5
faf9368f40e64b2ad9d47b1b6e0b958b
-
SHA1
2531f7690b37dc1b11d1c6d36ce91dea22425742
-
SHA256
5abccf6b1cdcdb5eff6c00de089850a6f81b0813f2afc3b79d4d681defdabf95
-
SHA512
bd0f9b716626b7caf40198a8951c31b35d9fe31d47623bf44cbae1682284036501de988703db41257969f2a9008e927e334e86f1a3509a88807fa569b4aa5475
Malware Config
Extracted
amadey
2.14
176.111.174.66/Hq13Vdsv2W/index.php
Targets
-
-
Target
5abccf6b1cdcdb5eff6c00de089850a6f81b0813f2afc3b79d4d681defdabf95.exe
-
Size
50KB
-
MD5
faf9368f40e64b2ad9d47b1b6e0b958b
-
SHA1
2531f7690b37dc1b11d1c6d36ce91dea22425742
-
SHA256
5abccf6b1cdcdb5eff6c00de089850a6f81b0813f2afc3b79d4d681defdabf95
-
SHA512
bd0f9b716626b7caf40198a8951c31b35d9fe31d47623bf44cbae1682284036501de988703db41257969f2a9008e927e334e86f1a3509a88807fa569b4aa5475
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Turns off Windows Defender SpyNet reporting
-
Windows security bypass
-
Nirsoft
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-