General

  • Target

    5 th Dimension LTD Oy signed

  • Size

    367KB

  • Sample

    210427-y3bd5na2y2

  • MD5

    a2a86cf41448cc5a375919a2ed050ea4

  • SHA1

    bc8767fd4d9ad5635f114d277a4561c5e5583e89

  • SHA256

    7788316d7c265de3857cd869311e3227bad84465e2ae93f95fa5eeada4bdddd0

  • SHA512

    a6bf977776370b49b1094ee920ad07e4862d2e649c9603722ae9dced0f104d0560eff5d7724ee5eea617d89808c5604b9fa8647a83a8f2cc04442fd7c6ad42a2

Malware Config

Extracted

Family

amadey

Version

2.16

C2

185.215.113.74/4dcYcWsw3/index.php

Targets

    • Target

      5 th Dimension LTD Oy signed

    • Size

      367KB

    • MD5

      a2a86cf41448cc5a375919a2ed050ea4

    • SHA1

      bc8767fd4d9ad5635f114d277a4561c5e5583e89

    • SHA256

      7788316d7c265de3857cd869311e3227bad84465e2ae93f95fa5eeada4bdddd0

    • SHA512

      a6bf977776370b49b1094ee920ad07e4862d2e649c9603722ae9dced0f104d0560eff5d7724ee5eea617d89808c5604b9fa8647a83a8f2cc04442fd7c6ad42a2

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (1) T1081

  • Discovery

    System Information Discovery (1) T1082

  • Collection

    Data from Local System (1) T1005

Tasks