General
-
Target
682a246dc73a4739b8682c14f9fe193626c40aea31cc6cc66b72c05cd34f69c2
-
Size
322KB
-
Sample
221102-w1la5addcj
-
MD5
175c9e05b0853df7efa21742963df72b
-
SHA1
9702674003ad9e92419c461f49ae09cfa58a757c
-
SHA256
682a246dc73a4739b8682c14f9fe193626c40aea31cc6cc66b72c05cd34f69c2
-
SHA512
eb222acb090f864791cd82b10b8b24fcbbb1a9b77a1168abff93b788fb60f7ce1a848db3880694d7bc93f84bd620b090fd0180d8dd27fca076bdf5475666172b
-
SSDEEP
3072:4ro8JF6WlFo+Hw145c+vzw91ikaasMtvkCvl24D0mDJUeZ+HPh8xdVggjcGkNIVx:eo8JcwHqMY1SiCCvwPA2Np8x/7ITsq
Malware Config
Targets
-
-
Target
682a246dc73a4739b8682c14f9fe193626c40aea31cc6cc66b72c05cd34f69c2
-
Size
322KB
-
MD5
175c9e05b0853df7efa21742963df72b
-
SHA1
9702674003ad9e92419c461f49ae09cfa58a757c
-
SHA256
682a246dc73a4739b8682c14f9fe193626c40aea31cc6cc66b72c05cd34f69c2
-
SHA512
eb222acb090f864791cd82b10b8b24fcbbb1a9b77a1168abff93b788fb60f7ce1a848db3880694d7bc93f84bd620b090fd0180d8dd27fca076bdf5475666172b
-
SSDEEP
3072:4ro8JF6WlFo+Hw145c+vzw91ikaasMtvkCvl24D0mDJUeZ+HPh8xdVggjcGkNIVx:eo8JcwHqMY1SiCCvwPA2Np8x/7ITsq
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-