amadey | 25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375
Size

269KB
Sample

221103-qhbfbaaeg7
MD5

c76cf7ee37fd8325eb1cd5d62cd3ceab
SHA1

810dc4679ca40a7ad9ba1e1e7dccb14f5fac53e8
SHA256

25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375
SHA512

ab68b7f4c5ecaff7b5580be76b60e05ac65b3812b03147cf21f9090197f1bb5c4b8581c7f4773a19c47c5d613ddd0c50a3bff5f6684b82ca6e015822e89d2532
SSDEEP

6144:kBI0Af2cL3vOPE1rbXWyXeMhFpcDN38cAJ:kBrAfDOKnnhHcDaH

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375.exe

Resource

win10-20220812-en

amadey collection spyware stealer trojan

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375
- Size
  
  269KB
- MD5
  
  c76cf7ee37fd8325eb1cd5d62cd3ceab
- SHA1
  
  810dc4679ca40a7ad9ba1e1e7dccb14f5fac53e8
- SHA256
  
  25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375
- SHA512
  
  ab68b7f4c5ecaff7b5580be76b60e05ac65b3812b03147cf21f9090197f1bb5c4b8581c7f4773a19c47c5d613ddd0c50a3bff5f6684b82ca6e015822e89d2532
- SSDEEP
  
  6144:kBI0Af2cL3vOPE1rbXWyXeMhFpcDN38cAJ:kBrAfDOKnnhHcDaH
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

© 2018-2025

Terms | Privacy