General
-
Target
a8fe3a11ba859359bac4d28c7374d24d8c8fe270739a311fa6eaa4d941ef5698
-
Size
288KB
-
Sample
221027-ygr1nsdbg3
-
MD5
4848f5f7e346c7e7292cab2c3fa56d8c
-
SHA1
360cad306d3145f6074a49ece3aac41c46e8834e
-
SHA256
a8fe3a11ba859359bac4d28c7374d24d8c8fe270739a311fa6eaa4d941ef5698
-
SHA512
bb014659898ef849f771a4e406e449d60a9496483bbbe402169c7fca7f0637cca5bc320179d3c652906dfe23a475ebb2d9449825be4a7a095414b9487796788a
-
SSDEEP
3072:dxpXOGq5zxBI+nq55dXtk00xJt98mjGT+KKsDylHBmSSMdeY2NjrueCOepg0Kv:tlqZQJtYYnT+KTDSHkrYMmKCg0
Malware Config
Targets
-
-
Target
a8fe3a11ba859359bac4d28c7374d24d8c8fe270739a311fa6eaa4d941ef5698
-
Size
288KB
-
MD5
4848f5f7e346c7e7292cab2c3fa56d8c
-
SHA1
360cad306d3145f6074a49ece3aac41c46e8834e
-
SHA256
a8fe3a11ba859359bac4d28c7374d24d8c8fe270739a311fa6eaa4d941ef5698
-
SHA512
bb014659898ef849f771a4e406e449d60a9496483bbbe402169c7fca7f0637cca5bc320179d3c652906dfe23a475ebb2d9449825be4a7a095414b9487796788a
-
SSDEEP
3072:dxpXOGq5zxBI+nq55dXtk00xJt98mjGT+KKsDylHBmSSMdeY2NjrueCOepg0Kv:tlqZQJtYYnT+KTDSHkrYMmKCg0
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-