amadey | 2b932d8740418e2ca0ffd86c19a194e0e9e73bef0758c5182c8d582c65074e99 | Triage

Submit
Reports

Overview

overview

Static

static

e75b6eeeab...6b.exe

windows7-x64

e75b6eeeab...6b.exe

windows10-2004-x64

8

Sharing

General

Target

e75b6eeeab3631bb5132ff5d8b37274761c9abde15d76c853a8dbd8ce811c46b
Size

191KB
Sample

221028-298exacacl
MD5

dfee86fb7c480b8916489820cf56cb07
SHA1

3b959d5f8c8db402acce397e32aec25b2456f465
SHA256

2b932d8740418e2ca0ffd86c19a194e0e9e73bef0758c5182c8d582c65074e99
SHA512

0454d730aa9b1b949a6f246ea40be9a96b0a53d7cfec3d6e5933107679f75ecaea2dca54749a737a1bf14487b401e0158d68e37cc4dafc123785319e0412f129
SSDEEP

3072:u2idbrBQrVl1NIJRE4c3F3Ggoduq99mUg7HJCo2oQvLtiUievIrYBuobDaM:qbrBQF2REj13G3d798LL2oQvBiKUYBuu

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e75b6eeeab3631bb5132ff5d8b37274761c9abde15d76c853a8dbd8ce811c46b.exe

Resource

win7-20220901-en

amadey collection spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

e75b6eeeab3631bb5132ff5d8b37274761c9abde15d76c853a8dbd8ce811c46b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  e75b6eeeab3631bb5132ff5d8b37274761c9abde15d76c853a8dbd8ce811c46b
- Size
  
  293KB
- MD5
  
  3a87456630da7362cc15e14b18047caf
- SHA1
  
  7da577c53cfe7cd79c56f7bed9b1ff7d26245075
- SHA256
  
  e75b6eeeab3631bb5132ff5d8b37274761c9abde15d76c853a8dbd8ce811c46b
- SHA512
  
  881a721992076c222c2caefd43ea5fa0b032fe313661989b982d3db7156d8396b9f000ed2b466ca6cbbbc6c6c079a681af8c4dd2e84461ab2a86067c6a395b80
- SSDEEP
  
  6144:0hKBmh9L7xLmywFKId798LL2oQyerjwb5a:hB+nxUd798LjQyeU5a
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy