amadey | 3b82a0ea49d855327b64073872ebb6b63eee056e182be6b1935aa512628252af | Triage

Sharing

General

Target

3b82a0ea49d855327b64073872ebb6b63eee056e182be6b1935aa512628252af
Size

67KB
MD5

74b9c23837a2cbd78022b12a68b9dbf3
SHA1

438f89286442229b67188bbb9f4c8c5f21bd2a13
SHA256

9a1aa3a9f84252bfe4c9f79d056991b1374c9e9500995efd88ff70ddbfbfcb11
SHA512

7c6126773ce74b383bc7bdd4aed4777af883128e934dd76c03d49c4ff453bb780dfee757873e599ba9d102d63325c32fc752521eac1e079093e7238a11872518
SSDEEP

1536:TYjtmoic3woWKK6b6tBBoxkJcW48OcdIT+bFdjwsZrmBO0jnFDh8mZiw:l+A6Wtj0k6iIT+xOA6g8Nh8w

Score

10^/10

amadey

Malware Config

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/3b82a0ea49d855327b64073872ebb6b63eee056e182be6b1935aa512628252af	amadey_cred_module

Files

3b82a0ea49d855327b64073872ebb6b63eee056e182be6b1935aa512628252af
.zip
3b82a0ea49d855327b64073872ebb6b63eee056e182be6b1935aa512628252af
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main
Save

Sections

CODE
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ