General

  • Target

    09f4d05873f819654d9cceb5fcdf80904a7863181ac9d81cb1f21313036d71cc

  • Size

    240KB

  • Sample

    221107-lgyr1acccq

  • MD5

    d16b7c977e8e5b5f7f0b8f9a6ed9d990

  • SHA1

    542960fe42ea79d9a3aaaac003d5aed880ae4768

  • SHA256

    09f4d05873f819654d9cceb5fcdf80904a7863181ac9d81cb1f21313036d71cc

  • SHA512

    9e4f7d40de1b106d353328753e2545b66acf85a1588180946a83677d941217a986a19354af97c3a04c9c870031cbf33c992dbac08590ef5dc675ff632673f2de

  • SSDEEP

    6144:zeY83NHLJKd/Ce73Fi+FnKAcdQuZNH8U:zAHA/Ce7PFV3iNh

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
