General

  • Target: 5e869a77bcf10069a8b2d2711de8c33de890472f59056d1e96126ffb54db80e1

  • Size: 331KB

  • Sample: 220706-eszp4saeg4

  • MD5: c7d976d2ef55d2db0fcc31d42dd7c347

  • SHA1: aff74b932465ea9c735611fb86fcd753ee27f3c9

  • SHA256: 5e869a77bcf10069a8b2d2711de8c33de890472f59056d1e96126ffb54db80e1

  • SHA512: 645eda54a9b2341c8e51fa4592794a8421faae9da24497b3f6c00bb509b412cdf5b46c3fc5e13fb16c94836f4aaaaa157383af44652ea1d9969566ffa53fd7f3

Malware Config

Extracted

  • Family: amadey

  • Version: 3.21

  • C2: 185.215.113.15/Lkb2dxj3/index.php

Targets

    • Target: 5e869a77bcf10069a8b2d2711de8c33de890472f59056d1e96126ffb54db80e1

    • Size: 331KB

    • MD5: c7d976d2ef55d2db0fcc31d42dd7c347

    • SHA1: aff74b932465ea9c735611fb86fcd753ee27f3c9

    • SHA256: 5e869a77bcf10069a8b2d2711de8c33de890472f59056d1e96126ffb54db80e1

    • SHA512: 645eda54a9b2341c8e51fa4592794a8421faae9da24497b3f6c00bb509b412cdf5b46c3fc5e13fb16c94836f4aaaaa157383af44652ea1d9969566ffa53fd7f3

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • suricata: ET MALWARE Amadey CnC Check-In

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks