amadey | b8d9d998b969421d31bf75f714643f29b2752cd570408fe9dc6e4abff7ce8755 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

b8d9d998b969421d31bf75f714643f29b2752cd570408fe9dc6e4abff7ce8755
Size

332KB
Sample

221102-ycdmgsdghl
MD5

3af4ad9c6e172fcd1b8cb8332e22707d
SHA1

6334587d9beaa0dd0d82eea5867bf0fcb62d9176
SHA256

b8d9d998b969421d31bf75f714643f29b2752cd570408fe9dc6e4abff7ce8755
SHA512

ca8ce84f8069154e94f90cb57773e8a274d7474c982206ca5f6fb0e932faa2217704eacf4f9246b0e652a50a27d6af61116f987290bb8cefe6bfd67dbd742f95
SSDEEP

3072:LjjqIWVtL67gjHWecyTn05Tutkl9Gc/IqOb1wIIeSnJQVggjcGkNIVqIo:7qIWbL67g5cchtMGbXIeWa7ITsq

Score

10^/10

amadey smokeloader backdoor spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b8d9d998b969421d31bf75f714643f29b2752cd570408fe9dc6e4abff7ce8755.exe

Resource

win10-20220901-en

amadey smokeloader backdoor spyware stealer trojan upx

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  b8d9d998b969421d31bf75f714643f29b2752cd570408fe9dc6e4abff7ce8755
- Size
  
  332KB
- MD5
  
  3af4ad9c6e172fcd1b8cb8332e22707d
- SHA1
  
  6334587d9beaa0dd0d82eea5867bf0fcb62d9176
- SHA256
  
  b8d9d998b969421d31bf75f714643f29b2752cd570408fe9dc6e4abff7ce8755
- SHA512
  
  ca8ce84f8069154e94f90cb57773e8a274d7474c982206ca5f6fb0e932faa2217704eacf4f9246b0e652a50a27d6af61116f987290bb8cefe6bfd67dbd742f95
- SSDEEP
  
  3072:LjjqIWVtL67gjHWecyTn05Tutkl9Gc/IqOb1wIIeSnJQVggjcGkNIVqIo:7qIWbL67g5cchtMGbXIeWa7ITsq
Score

10^/10

amadey smokeloader backdoor spyware stealer trojan upx
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeysmokeloaderbackdoorspywarestealertrojanupx

© 2018-2025

Terms | Privacy