General
-
Target
EMBARGO.001
-
Size
196KB
-
Sample
210419-5mmvqar8se
-
MD5
2cdcd70eb28356b611ecc2a35f06d74b
-
SHA1
42f274f0b5aef7a6ce9a906b408799871433fd9c
-
SHA256
1976c041c40af2b94d7fd0e45169c122d941241165e6932933ad747ec14d4d42
-
SHA512
2b0f12ccc5ed7f016741a97f05d2a7f0f15c24e9d1fc540196898f5a0a292fcfa17903ec9ca87a1528a86aeb615a333612f766a86cc36537bb1764451c7431f9
Malware Config
Extracted
amadey
2.11
176.111.174.67/7Ndd3SnW/index.php
Targets
-
-
Target
EMBARGO4256849329879411585432540766765501385339236289538201557523121773003558482222197917262.exe
-
Size
313KB
-
MD5
1994c7dd431c88e7b71bfeec3f51d493
-
SHA1
6c151e09cf1ef8db8c19aee22f22f1686cf77288
-
SHA256
afe81576e019af203a3b4548dcebe0ed5f9719719821fe570ef6eb31cae6cd0b
-
SHA512
36f4cb0c5f78645c948ba2f2445b23bcc836ebf083e628b25360954bb30d6baa074087535906192d561004b5b008b0e519301a8eb3e313fec6c282b62d0b32d3
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-