General

  • Target

    e148b601cabaf0ff2242d4e204090f34e12c5f181793008125ab53c4bca8cc80

  • Size

    268KB

  • Sample

    221031-1ws8dsdeb8

  • MD5

    5a5e87d1ca5b3b323a603ccef736119a

  • SHA1

    a52a3d51df3ad463229bc2148d6767ba60199425

  • SHA256

    e148b601cabaf0ff2242d4e204090f34e12c5f181793008125ab53c4bca8cc80

  • SHA512

    03b64cfbc98a0f10f9200271899915f57e264de49c810a1d935a7855e2a4bfbef4356e6ae319e6d91c0b0f2a12a595c53f728473d26883cfdaf3d1f65194bd16

  • SSDEEP

    6144:myNxdxQ0qLfl0H1R+4qzLR3Z69Zrsf3AKvAlx:myfdaZbS184o3Z69ZreMlx

Malware Config

Targets

    • Amadey

      Amadey is a simple trojan bot used primarily to collect reconnaissance information from infected hosts.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks