amadey | 88d5553b125ae81467bcd13d259968b71fcbb8d4fcec17189135f333be65696d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

88d5553b125ae81467bcd13d259968b71fcbb8d4fcec17189135f333be65696d
Size

382KB
Sample

220623-swgklagea7
MD5

941468d241d661ab702d712ae689f18e
SHA1

931bc80f7e6d857739c387f1dac816e768fb20e1
SHA256

88d5553b125ae81467bcd13d259968b71fcbb8d4fcec17189135f333be65696d
SHA512

a1bc33638ab12e5384829f8bc27824a91fbef1058e53e87569b7d34549af80b81cebeb86841289e0c81f7e05b1d8a4ba31657fa56e4f7fad27465e75a055f3f5

Score

10^/10

amadey collection spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

88d5553b125ae81467bcd13d259968b71fcbb8d4fcec17189135f333be65696d.exe

Resource

win10-20220414-en

amadey collection spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

amadey

Version

3.21

C2

185.215.113.15/Lkb2dxj3/index.php

Targets

- Target
  
  88d5553b125ae81467bcd13d259968b71fcbb8d4fcec17189135f333be65696d
- Size
  
  382KB
- MD5
  
  941468d241d661ab702d712ae689f18e
- SHA1
  
  931bc80f7e6d857739c387f1dac816e768fb20e1
- SHA256
  
  88d5553b125ae81467bcd13d259968b71fcbb8d4fcec17189135f333be65696d
- SHA512
  
  a1bc33638ab12e5384829f8bc27824a91fbef1058e53e87569b7d34549af80b81cebeb86841289e0c81f7e05b1d8a4ba31657fa56e4f7fad27465e75a055f3f5
Score

10^/10

amadey collection spyware stealer suricata trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- suricata: ET MALWARE Amadey CnC Check-In
  suricata: ET MALWARE Amadey CnC Check-In
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy