General

  • Target

    23fe18a25ca34834ba04d90ebfbfacbb83965e7f9738f.exe

  • Size

    359KB

  • Sample

    221101-qhsplacbf3

  • MD5

    0e389dc1d608525475ff07864d83d3be

  • SHA1

    857419f9ef0002d6a5e912441e4b1d2d21d676c0

  • SHA256

    23fe18a25ca34834ba04d90ebfbfacbb83965e7f9738fb10817bae00ca7507c9

  • SHA512

    fd6faebd2ee0a441132fa56553c0b4c0ef4ccfd0a76e3b266fc6edc380b48e852017ac01ad4e04b96738fb2fe43f40500b59599b41f68feb22067aa272fbd9f2

  • SSDEEP

    6144:jw8SHAJxdeuaQEPH66nyW8CEVcik7ITsq:jw8MAJreuafH6GyW8i7

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
