General
-
Target
d78fefd9b2c2de19c1269d29210f3b63ae1f8e9abb674163852a56183742d891
-
Size
358KB
-
Sample
221101-wbqvbadhf3
-
MD5
0fe25827166448588c03630e6f58c294
-
SHA1
a2f6f835a8b5d63a2308a9edc7be011a2758f3ac
-
SHA256
d78fefd9b2c2de19c1269d29210f3b63ae1f8e9abb674163852a56183742d891
-
SHA512
d91a9f64f8d7e8a6d859a910d3411e8452f53fef754f913c1b4ebd98cc0bd3bfecdce48213816694b436060c335f88e704a9db03508da616415d208cd783bed3
-
SSDEEP
6144:PZA8oNPWV/GWaFf3OXtcKSiL4JQVa1Ua7ITsqS:PZAtvxFfeXtcZiLER7
Malware Config
Targets
-
-
Target
d78fefd9b2c2de19c1269d29210f3b63ae1f8e9abb674163852a56183742d891
-
Size
358KB
-
MD5
0fe25827166448588c03630e6f58c294
-
SHA1
a2f6f835a8b5d63a2308a9edc7be011a2758f3ac
-
SHA256
d78fefd9b2c2de19c1269d29210f3b63ae1f8e9abb674163852a56183742d891
-
SHA512
d91a9f64f8d7e8a6d859a910d3411e8452f53fef754f913c1b4ebd98cc0bd3bfecdce48213816694b436060c335f88e704a9db03508da616415d208cd783bed3
-
SSDEEP
6144:PZA8oNPWV/GWaFf3OXtcKSiL4JQVa1Ua7ITsqS:PZAtvxFfeXtcZiLER7
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-