General

  • Target

    d04ec4f0546f476d13d8ac05da68cd58c395c93e13c83eb8c5f44ed273064bb6.exe

  • Size

    191KB

  • Sample

    210506-93cwvpl2h6

  • MD5

    af96260d874638083e3c7335933227e7

  • SHA1

    98a4f387a46cba1a88fc95063a01a9c4579cc40a

  • SHA256

    d04ec4f0546f476d13d8ac05da68cd58c395c93e13c83eb8c5f44ed273064bb6

  • SHA512

    0ebd10262c6bed3c342b85b05d8567e13d0d46c8fa51b742682866394b82860ce291d1889872f94ace629eee6daea06ef818bc0805d6c57177b8b97cc231f9ba

Malware Config

Extracted

  • Family

    amadey

  • Version

    2.16

  • C2

    45.155.205.172/4dcYcWsw3/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Count  ID
  Credential Access   Credentials in Files           1      T1081
  Discovery           System Information Discovery   1      T1082
  Collection          Data from Local System         1      T1005

Tasks