General
-
Target
5b1df4750d790d84e682eaf46506683e3ddcc285047d6482b62c86de9c758f4e.exe
-
Size
324KB
-
Sample
221107-n8mj6ahbfj
-
MD5
c9226eb21515c6cb13aa1212faae9cee
-
SHA1
26c70b3a249ce73caeb2874c8219d497159b1deb
-
SHA256
5b1df4750d790d84e682eaf46506683e3ddcc285047d6482b62c86de9c758f4e
-
SHA512
7f2b5d05be008f61473b544b91588570222ecf5240ea810b2c71197924e04fc4fea649224ad7311032f875625e218cc3f61b02e7d9b593530fdce495d1f5a121
-
SSDEEP
3072:Nqq/3HMAgut5NjqyG7xwM+2d3DtLyPLOFV0EyI2eHu+sYSoq6xdzukavPkV4zE:8q/cutvG7/V30jOFV0/ebKo5qbN
Malware Config
Targets
-
-
Target
5b1df4750d790d84e682eaf46506683e3ddcc285047d6482b62c86de9c758f4e.exe
-
Size
324KB
-
MD5
c9226eb21515c6cb13aa1212faae9cee
-
SHA1
26c70b3a249ce73caeb2874c8219d497159b1deb
-
SHA256
5b1df4750d790d84e682eaf46506683e3ddcc285047d6482b62c86de9c758f4e
-
SHA512
7f2b5d05be008f61473b544b91588570222ecf5240ea810b2c71197924e04fc4fea649224ad7311032f875625e218cc3f61b02e7d9b593530fdce495d1f5a121
-
SSDEEP
3072:Nqq/3HMAgut5NjqyG7xwM+2d3DtLyPLOFV0EyI2eHu+sYSoq6xdzukavPkV4zE:8q/cutvG7/V30jOFV0/ebKo5qbN
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-