General

  • Target

    file.exe

  • Size

    269KB

  • Sample

    221031-2z4c7seab2

  • MD5

    f8bb54273b927f63055e251f5f475500

  • SHA1

    6d327674ca4344f4bed4b8ba5abf93e54e356c7e

  • SHA256

    b3503b719f307c29d24760cb786019d6b0bdf752dc0533519bc176b74d4b1903

  • SHA512

    25644545d3d22e0fb040e1fe7f3ff2d89d4af9b1d82804de709619a3b3717858a37d782bc4f82fabb89b2e05eb31744923e6327fada91bb057ca193112b3d237

  • SSDEEP

    6144:zQiCq3xTA6L6JdKgJkfHaGnMbRF4dGhBe6CC0oqR8I8s:zQ5q3xlIdKgJkfBCRF4shTCC0uy

Malware Config

Targets

    • Target

      file.exe

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain countries).

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target the stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
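
The signatures above are the sandbox's verdicts, but the same checks can be run over any API-call trace you hold for this sample, which is useful when re-scoring a run in another sandbox or when writing detections for the same behaviour. The script below is an added example, not the sandbox's own rule logic: the trace schema (one record per call, with the API name and the file or registry path it touched), the API names, and the paths matched for each signature are assumptions. The report itself does not say which registry key or which messenger clients the sample touched; the key under `Control Panel\International\Geo` and the Telegram, Discord and Pidgin locations are the ones these signature names are usually associated with, and the Outlook profile keys are the two locations where Outlook stores account settings. The dropped-file checks are stateful: a process launch or DLL load only counts as "dropped" when the trace earlier shows the sample writing that path.

```python
"""Tag a sandbox API trace with the behavioural signatures listed in this report.

Added example; trace format, API names and matched paths are assumptions.
"""
import re

# Constructed trace of what a run of the sample might look like once each API
# call has been flattened to the single path it touched.
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "NtWriteFile",      "target": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"api": "CreateProcessW",   "target": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"api": "NtWriteFile",      "target": r"C:\Users\user\AppData\Local\Temp\cred.dll"},
    {"api": "LoadLibraryW",     "target": r"C:\Users\user\AppData\Local\Temp\cred.dll"},
    {"api": "NtCreateFile",     "target": r"C:\Users\user\AppData\Roaming\Telegram Desktop\tdata\key_datas"},
    {"api": "RegOpenKeyExW",    "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"api": "CreateProcessW",   "target": r"C:\Windows\System32\cmd.exe"},       # not dropped: no hit
    {"api": "NtCreateFile",     "target": r"C:\Windows\System32\kernel32.dll"},  # benign noise
]

# Path-based signatures, keyed by the names used in this report. The paths are
# assumptions (see lead-in); a real rule set would be far longer.
PATH_SIGNATURES = {
    "Checks computer location settings": [
        r"\\Control Panel\\International\\Geo\\Nation$",
    ],
    "Reads local data of messenger clients": [
        r"\\AppData\\Roaming\\Telegram Desktop\\tdata\\",
        r"\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\",
        r"\\AppData\\Roaming\\\.purple\\accounts\.xml$",
    ],
    "Accesses Microsoft Outlook profiles": [
        r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\",
        r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in PATH_SIGNATURES.items()}

# Stateful signatures: the sample must first write the file it later runs or loads.
WRITE_APIS = {"NtWriteFile", "WriteFile"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteExW"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LdrLoadDll"}


def scan_trace(trace):
    """Return {signature name: [indices of the trace records that triggered it]}."""
    hits = {}
    written = set()  # paths the sample itself has written so far (case-folded)
    for index, call in enumerate(trace):
        api, target = call["api"], call["target"]
        for name, patterns in COMPILED.items():
            if any(p.search(target) for p in patterns):
                hits.setdefault(name, []).append(index)
        key = target.lower()
        if api in WRITE_APIS:
            written.add(key)
        elif api in EXEC_APIS and key in written:
            hits.setdefault("Executes dropped EXE", []).append(index)
        elif api in LOAD_APIS and key in written:
            hits.setdefault("Loads dropped DLL", []).append(index)
    return hits


if __name__ == "__main__":
    for name, indices in scan_trace(SAMPLE_TRACE).items():
        print(f"{name}: records {indices}")
```

Two of the report's signatures are deliberately not modelled here: "Blocklisted process makes network request" needs the sandbox's own blocklist and its network log, and "Detect Amadey credential stealer module" is a family-specific match (typically YARA on the dropped DLL) rather than a behavioural one. Both would slot in as extra passes over the same trace and dropped-file set.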

MITRE ATT&CK Enterprise v6

Tasks