General
Target

e085027f0a000f7be4a5ac90460b005d03a4ef4e48579c78b5582f2a99ae6c19.exe

Size

307KB

Sample

220522-b798lshhgm

Score

10/10

MD5

ee7e3d6206b8c815c7e3c30bd40e00cc

SHA1

c41bd2e3c0ac545d7ba81e26743ee4f909eccb27

SHA256

e085027f0a000f7be4a5ac90460b005d03a4ef4e48579c78b5582f2a99ae6c19

SHA512

7a8f98e25c44d6db495eda24247e29696b4bc195566ea5d5fd3f9aedc8c792bedf9ce8d9b826d34e52302a2ab0ec82552a2007f8811688e8f84746c66af807d7

Malware Config

Extracted

Family

amadey

Version

3.08

C2

185.215.113.35/d2VxjasuwS/index.php

Targets
Target

e085027f0a000f7be4a5ac90460b005d03a4ef4e48579c78b5582f2a99ae6c19.exe

MD5

ee7e3d6206b8c815c7e3c30bd40e00cc

Filesize

307KB

Score

10/10

SHA1

c41bd2e3c0ac545d7ba81e26743ee4f909eccb27

SHA256

e085027f0a000f7be4a5ac90460b005d03a4ef4e48579c78b5582f2a99ae6c19

SHA512

7a8f98e25c44d6db495eda24247e29696b4bc195566ea5d5fd3f9aedc8c792bedf9ce8d9b826d34e52302a2ab0ec82552a2007f8811688e8f84746c66af807d7

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • suricata: ET MALWARE Amadey CnC Check-In

    Description

    suricata: ET MALWARE Amadey CnC Check-In

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry
    System Information Discovery

  • Loads dropped DLL

  • Reads local data of messenger clients

    Description

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    TTPs

    Data from Local System
    Credentials in Files

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Detected potential entity reuse from brand microsoft.

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation