General

  • Target: 0cba131e7ac3a6c1b492782d616c0c66f887281f3b9d8a53f16a5a9adbfd7b1e

  • Size: 184KB

  • Sample: 221106-d16yqaahc8

  • MD5: c192dc4b9de635e24acff65080fa05fd

  • SHA1: 3f55f0b8a6d43c892073ce3e9aa8a3919ba9862c

  • SHA256: 433fa8a6dda71ae1d8f7194f154f384bf95f57b9bba01c4cc425d6838ba1d531

  • SHA512: fe6deb7b9c8bd41605ab5c7b9ea2234a0bbd2f270b58f1922bb7a3fb6cf39e49a03bc3191c36514449ba5fed572f74b9fd5fde34d4396593e677edaca4b5b00a

  • SSDEEP: 3072:sbUQwceAYiNUsH5UHnoZ00+IlkwWkn5xn+nDvRqsXrzx0rmt+u7tdrPq:TqMiNUEXZx+Ilkne5tKMCrzx0rALtdri

Malware Config

Extracted

  • Family: eternity

  • C2: http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

    • Target: 0cba131e7ac3a6c1b492782d616c0c66f887281f3b9d8a53f16a5a9adbfd7b1e

    • Size: 324KB

    • MD5: 62734131c7ce03e38c053912846e86e9

    • SHA1: ff690cb224e2297d10e77d327c1c750fe1e78b02

    • SHA256: 0cba131e7ac3a6c1b492782d616c0c66f887281f3b9d8a53f16a5a9adbfd7b1e

    • SHA512: 805dd75c1492711c23ac5997988b56c5dae70345dd21807aa9b4c6dd0bf67823c4db3be607bdbd4c463f15d30c67a18ce7437ae1df04c838faa37872a16dab75

    • SSDEEP: 3072:lNdnHDMiEj4w18xh45EKu2yZbnoZ00+IlkwWk55xn+nDvRqs9W6AfRLda6ZBzZgC:lfnHEjYLJK7yZ0Zx+Ilkn+5tKMnRpn

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar account data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks