General
Target

920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3.exe

Size

321KB

Sample

220523-b8rsnaehbn

Score

10/10

MD5

198929adc74b1ba1e260c2b614e1ed80

SHA1

2bc01b272b38257f357104ae6c2a7e70e59aabce

SHA256

920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3

SHA512

094e75cf694278231c479d556dd48d6cf19ba6dad4569cf701914fc3f671253881e20d787adad555820d05be3c922279befea23100f7718452d35d05239b4cff

Malware Config

Extracted

Family

amadey

Version

3.08

C2

185.215.113.35/d2VxjasuwS/index.php

Targets
Target

920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3.exe

Signatures

  • Amadey

    Description

    Amadey is a simple bot/loader used primarily to collect reconnaissance information from the infected host and to download and run additional payloads (see the Downloads MZ/PE file and Executes dropped EXE signatures below).

  • suricata: ET MALWARE Amadey CnC Check-In

    Description

    Emerging Threats (ET) network rule that matched the bot's HTTP check-in to the C2 listed under Malware Config above.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, most likely as a geofence check before running.

    TTPs

    Query Registry, System Information Discovery

  • Loads dropped DLL

  • Reads local data of messenger clients

    Description

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    TTPs

    Data from Local System, Credentials in Files

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Detected potential entity reuse from brand microsoft.

  • Suspicious use of SetThreadContext
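
Matching this report's IOCs against logs. The block below is an added example, not part of the sandbox report or of Amadey itself: it takes the C2 URL and the sample hashes listed above and runs them over a few constructed proxy and endpoint log lines. The log formats, field names, file paths and timestamps are assumptions made for illustration. It separates a full host+path match on the check-in URL (high confidence) from a host-only match (lower fidelity), and flags a value written under Software\Microsoft\Windows\CurrentVersion\Run, the location the "Adds Run key to start application" signature refers to; the value name the sample used is not in the report, so that check is on the key path only.

```python
"""Match the IOCs from this Amadey report against log lines.

Added example (not from the sandbox report). Log line formats, field
names, paths and timestamps below are assumptions made for illustration.
"""
import re
from typing import List, Optional, Tuple

# IOCs as listed in the report above.
C2_HOST = "185.215.113.35"
C2_PATH = "/d2VxjasuwS/index.php"
SAMPLE_SHA256 = "920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3"
SAMPLE_MD5 = "198929adc74b1ba1e260c2b614e1ed80"

# Assumed proxy log shape: "<timestamp> <method> <host> <path> <status>".
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Assumed endpoint log shape: space-separated key="value" pairs.
KV_RE = re.compile(r'(\w+)="([^"]*)"')
# Run key path behind the "Adds Run key" signature (ATT&CK T1547.001).
# The value name the sample wrote is not in the report, so match the key only.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE
)


def match_proxy(line: str) -> Optional[str]:
    """Return a rule name if a proxy line touches the Amadey C2, else None."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    _ts, _method, host, path, _status = m.groups()
    if host == C2_HOST and path == C2_PATH:
        return "amadey_c2_checkin_url"  # host + path: high confidence
    if host == C2_HOST:
        return "amadey_c2_host"  # host only: lower fidelity, still worth a look
    return None


def match_endpoint(line: str) -> Optional[str]:
    """Return a rule name for a sample-hash match or a Run-key write, else None."""
    fields = dict(KV_RE.findall(line))
    if not fields:
        return None
    if (fields.get("sha256", "").lower() == SAMPLE_SHA256
            or fields.get("md5", "").lower() == SAMPLE_MD5):
        return "amadey_sample_hash"
    if (fields.get("event") == "RegistryValueSet"
            and RUN_KEY_RE.search(fields.get("target", ""))):
        return "run_key_persistence"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Run both matchers over every line; return (rule, line) for each hit."""
    hits = []
    for line in lines:
        rule = match_proxy(line) or match_endpoint(line)
        if rule:
            hits.append((rule, line))
    return hits


# Constructed sample lines (not real captures).
SAMPLE_LOG = [
    "2022-05-23T02:14:07Z POST 185.215.113.35 /d2VxjasuwS/index.php 200",
    "2022-05-23T02:14:09Z GET www.example.com /index.html 200",
    "2022-05-23T02:15:11Z GET 185.215.113.35 /other/payload.bin 200",
    r'ts="2022-05-23T02:14:05Z" event="ProcessCreate" image="C:\Users\u\Downloads\sample.exe" sha256="920872b6c2b2f2c535729538c8359f8a8456399dbe6eec8cf52389e16c1458d3"',
    r'ts="2022-05-23T02:14:12Z" event="RegistryValueSet" image="C:\Users\u\AppData\Local\Temp\sample.exe" target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample"',
    r'ts="2022-05-23T02:14:20Z" event="RegistryValueSet" image="C:\Windows\explorer.exe" target="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"',
]

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24s} {line}")
```

The host-only rule is kept separate on purpose: the check-in path is the distinctive part of the URL, and other traffic to the same IP (the dropped PE download the report records, for instance) should be reviewed rather than auto-blocked on the strength of the path rule alone.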

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The techniques mapped to this sample are the TTPs listed under Signatures above (Query Registry, System Information Discovery, Data from Local System, Credentials in Files, Email Collection, Registry Run Keys / Startup Folder, Modify Registry).