General
-
Target
97aa933a3c4652d6809292641c22f946e6a26327eeb6d9419f047f7af827f8f9.bin
-
Size
12.9MB
-
Sample
220908-vpm5xaccel
-
MD5
e565d73a059fc9b2adcdb281db362bc5
-
SHA1
6977da5740e2374df369cd03d8822158cba0569e
-
SHA256
97aa933a3c4652d6809292641c22f946e6a26327eeb6d9419f047f7af827f8f9
-
SHA512
306a0a0257c7130ef49e56fcbd72aa90f0108000dd0e8dca2b8df28b332c7e85ff24cd77a1c1cfe4d243ea87560f42aa0bf6b3bd357c68f8bfc784147383f056
-
SSDEEP
393216:SQ/5wdPcRkVrsRq6x/XTpsAjXi/CVhQi64Mfp6Ve:SQRwdPcRQ6pX9ZjXWdT4ZM
Malware Config
Targets
-
-
Target
97aa933a3c4652d6809292641c22f946e6a26327eeb6d9419f047f7af827f8f9.bin
-
Size
12.9MB
-
MD5
e565d73a059fc9b2adcdb281db362bc5
-
SHA1
6977da5740e2374df369cd03d8822158cba0569e
-
SHA256
97aa933a3c4652d6809292641c22f946e6a26327eeb6d9419f047f7af827f8f9
-
SHA512
306a0a0257c7130ef49e56fcbd72aa90f0108000dd0e8dca2b8df28b332c7e85ff24cd77a1c1cfe4d243ea87560f42aa0bf6b3bd357c68f8bfc784147383f056
-
SSDEEP
393216:SQ/5wdPcRkVrsRq6x/XTpsAjXi/CVhQi64Mfp6Ve:SQRwdPcRQ6pX9ZjXWdT4ZM
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-