General

  • Target: ed16877abadf55e19c92d02bb013eb6e.exe
  • Size: 359KB
  • Sample: 221101-mkc55saha6
  • MD5: ed16877abadf55e19c92d02bb013eb6e
  • SHA1: 6967bcda8f0cfe3c32d841082e6a9dcd4c7ce9cf
  • SHA256: 81dd136301ccf79e39d70732c75d77eaf008868bfe4b9ad45177c04c5dba33c0
  • SHA512: c48dad5f8fa18c1acbd64c766a5601a5f7fc81100418c62cee1ec89cabf1a2f5d557d54c674fc9916fa6960f2907081bf17dce1523b77628adeb21e58c9d74f1
  • SSDEEP: 6144:PwYSuXJStqGc0/qa71ZVLosdT3Ctl7ITsq:PwYlXJS5yAZGsBM7

Targets

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Detect Amadey credential stealer module
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Loads dropped DLL
    • Reads local data of messenger clients: infostealers often target the stored data of messaging applications, which can include saved credentials and account information.
    • Accesses Microsoft Outlook profiles
