amadey | 07eaa6e88904f46157a5e5e45dd70d6e14d5d06aae7dc17e8a2c440ff403a51e | Triage

Submit
Reports

Overview

overview

Static

static

7B030FD147...9E.exe

windows7_x64

7B030FD147...9E.exe

windows10_x64

Sharing

General

Target

7B030FD1473BD9B213A6DA3EF3ADC19E.exe
Size

2.0MB
Sample

210507-rwm2q8jm5a
MD5

7b030fd1473bd9b213a6da3ef3adc19e
SHA1

3fd6debb83d6b9b6240408fecef9946163d5a493
SHA256

07eaa6e88904f46157a5e5e45dd70d6e14d5d06aae7dc17e8a2c440ff403a51e
SHA512

833cf86b707836347fca8750ef0abf8d7e6f5ce56ef4dacdaa85b5dc1a44099c94384dba2cbbf575329c0a8569ee2b48e4507633237e4b2231c90bbea855f71d

Score

10^/10

amadey netsupport rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7B030FD1473BD9B213A6DA3EF3ADC19E.exe

Resource

win7v20210410

amadey netsupport rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7B030FD1473BD9B213A6DA3EF3ADC19E.exe

Resource

win10v20210410

amadey spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
62.173.149.200
Port:
21
Username:
stealer
Password:
Aqswdefr123

Extracted

Family

amadey

Version

2.15

C2

92.38.184.216/4dcYcWsw3/index.php

Targets

- Target
  
  7B030FD1473BD9B213A6DA3EF3ADC19E.exe
- Size
  
  2.0MB
- MD5
  
  7b030fd1473bd9b213a6da3ef3adc19e
- SHA1
  
  3fd6debb83d6b9b6240408fecef9946163d5a493
- SHA256
  
  07eaa6e88904f46157a5e5e45dd70d6e14d5d06aae7dc17e8a2c440ff403a51e
- SHA512
  
  833cf86b707836347fca8750ef0abf8d7e6f5ce56ef4dacdaa85b5dc1a44099c94384dba2cbbf575329c0a8569ee2b48e4507633237e4b2231c90bbea855f71d
Score

10^/10

amadey netsupport rat spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeynetsupportratspywarestealertrojan

behavioral2

amadeyspywarestealertrojan

© 2018-2024

Terms | Privacy