ac696ff26dae3d008a7f1a8a33a6c067.exe

General

Target: ac696ff26dae3d008a7f1a8a33a6c067.exe
Size: 633KB
Sample: 211225-j1593sgbck
Score: 10/10
MD5: ac696ff26dae3d008a7f1a8a33a6c067
SHA1: 0e450582db291be053ac6a4ccf722dc4441b1f2e
SHA256: 44e08debeddf1bf932fd76e0fd0088eb196c036c92d662601ac8b55fe10528b9
SHA512: 1e049cc4cdd0e6dc4f38771f271a8021ad5c771024ed9cc3aea787d184a976f84778fc127ff2ab67cb79e0621ddc60b4b872393f4fabb0dfceb977409f66c0c6

Malware Config

Extracted
Family: amadey
Version: 2.86
C2: 2.56.56.210/notAnoob/index.php

Signatures

  • Amadey
    Description: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Detect Neshta Payload

  • Modifies system executable filetype association
    TTPs: Modify Registry; Change Default File Association

  • Neshta
    Description: Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    TTPs: Data from Local System; Credentials in Files

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation