amadey | 4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0
Size

291KB
Sample

211224-skhnhsddbl
MD5

872b04e80be0331efa9ac74df5c45e62
SHA1

8bcd6911de6ee70a57d42f365d43fd4a22d65ee0
SHA256

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0
SHA512

1867aaf71f585f9fc78b5363ec379ca03fba646e5f647fa9335b4897ad8e3e13bd0fa83617e8fb8a63871b55c359094d3326e90b7d321d6e8b1123e472cb4219

Score

10^/10

amadey neshta smokeloader backdoor persistence spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0.exe

Resource

win10-en-20211208

amadey neshta smokeloader backdoor persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32

rc4.i32

Extracted

Family

amadey

Version

2.86

C2

2.56.56.210/notAnoob/index.php

Targets

- Target
  
  4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0
- Size
  
  291KB
- MD5
  
  872b04e80be0331efa9ac74df5c45e62
- SHA1
  
  8bcd6911de6ee70a57d42f365d43fd4a22d65ee0
- SHA256
  
  4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0
- SHA512
  
  1867aaf71f585f9fc78b5363ec379ca03fba646e5f647fa9335b4897ad8e3e13bd0fa83617e8fb8a63871b55c359094d3326e90b7d321d6e8b1123e472cb4219
Score

10^/10

amadey neshta smokeloader backdoor persistence spyware stealer suricata trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeyneshtasmokeloaderbackdoorpersistencespywarestealersuricatatrojan

© 2018-2024

Terms | Privacy