Description
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
ac696ff26dae3d008a7f1a8a33a6c067.exe
General
Target
Size
Sample
ac696ff26dae3d008a7f1a8a33a6c067.exe
633KB
211225-j1593sgbck
Score
10 /10
MD5
SHA1
SHA256
SHA512
ac696ff26dae3d008a7f1a8a33a6c067
0e450582db291be053ac6a4ccf722dc4441b1f2e
44e08debeddf1bf932fd76e0fd0088eb196c036c92d662601ac8b55fe10528b9
1e049cc4cdd0e6dc4f38771f271a8021ad5c771024ed9cc3aea787d184a976f84778fc127ff2ab67cb79e0621ddc60b4b872393f4fabb0dfceb977409f66c0c6
Malware Config
Extracted
| Family | amadey |
| Version | 2.86 |
| C2 |
2.56.56.210/notAnoob/index.php |
Targets
Target
MD5
Filesize
ac696ff26dae3d008a7f1a8a33a6c067.exe
ac696ff26dae3d008a7f1a8a33a6c067
633KB
Score
10/10
SHA1
SHA256
SHA512
0e450582db291be053ac6a4ccf722dc4441b1f2e
44e08debeddf1bf932fd76e0fd0088eb196c036c92d662601ac8b55fe10528b9
1e049cc4cdd0e6dc4f38771f271a8021ad5c771024ed9cc3aea787d184a976f84778fc127ff2ab67cb79e0621ddc60b4b872393f4fabb0dfceb977409f66c0c6
Tags
Signatures
-
Amadey
-
Detect Neshta Payload
-
Modifies system executable filetype association
Tags
TTPs
-
Neshta
Description
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
Tags
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks