amadey | f9a86b36662d5368b7fa453b89553b9cbb6673c35fe7d6e382076fbc03b85a4c | Triage

Submit
Reports

Overview

overview

Static

static

dbf7ab4ef7...27.exe

windows7-x64

dbf7ab4ef7...27.exe

windows10-2004-x64

Sharing

General

Target

dbf7ab4ef7a4cc1f1b0ac52a5622a327.exe
Size

359KB
Sample

221101-hs782aaadj
MD5

dbf7ab4ef7a4cc1f1b0ac52a5622a327
SHA1

9464e63db2e47bd2e17f9cedb36d3f0329ef0aca
SHA256

f9a86b36662d5368b7fa453b89553b9cbb6673c35fe7d6e382076fbc03b85a4c
SHA512

0917da310a3cc553bb12eabeeda95fc527cface4b8da39903b8bd35adac4b48e3fe07f6c92d76cf7aae914864777a6e38a0567def4c97dbba27a6aca917741b5
SSDEEP

6144:Ww5Sfm+/+T6XuTSPueQHC8O/ITVpRYHlytNO7ITsq:Ww5em+/+TZTtiNI5IFyzO7

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

dbf7ab4ef7a4cc1f1b0ac52a5622a327.exe

Resource

win7-20220901-en

amadey collection spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbf7ab4ef7a4cc1f1b0ac52a5622a327.exe

Resource

win10v2004-20220901-en

amadey collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  dbf7ab4ef7a4cc1f1b0ac52a5622a327.exe
- Size
  
  359KB
- MD5
  
  dbf7ab4ef7a4cc1f1b0ac52a5622a327
- SHA1
  
  9464e63db2e47bd2e17f9cedb36d3f0329ef0aca
- SHA256
  
  f9a86b36662d5368b7fa453b89553b9cbb6673c35fe7d6e382076fbc03b85a4c
- SHA512
  
  0917da310a3cc553bb12eabeeda95fc527cface4b8da39903b8bd35adac4b48e3fe07f6c92d76cf7aae914864777a6e38a0567def4c97dbba27a6aca917741b5
- SSDEEP
  
  6144:Ww5Sfm+/+T6XuTSPueQHC8O/ITVpRYHlytNO7ITsq:Ww5em+/+TZTtiNI5IFyzO7
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

behavioral2

amadeycollectionspywarestealertrojan

© 2018-2025

Terms | Privacy