General
-
Target
27a3ea6c85bda6257175fd59e595d0e9610059c7f60d92e392a944e8ddc30508
-
Size
247KB
-
Sample
221121-w3xf6scc99
-
MD5
47fda80c9b229f2dff4a8ee998ff0cdd
-
SHA1
b33f66efb6503e11bcfc9abf99e3e16ba10adc14
-
SHA256
27a3ea6c85bda6257175fd59e595d0e9610059c7f60d92e392a944e8ddc30508
-
SHA512
2cdc3914e40ea68e4187b47b42bb099479c661244dd28bd3080b5d747351144809c7d2e23ac350ccd637ea9096b620f027ebe23d2a79bdf78678c5205730a495
-
SSDEEP
3072:vsaNPBwDtcWpCh5KuVeYEemZb7MGdWWX8M90LOnTU60q7KlxbI/HfX:vskru8VeD9Zb7MG4UZH01bYv
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
-
-
Target
27a3ea6c85bda6257175fd59e595d0e9610059c7f60d92e392a944e8ddc30508
-
Size
247KB
-
MD5
47fda80c9b229f2dff4a8ee998ff0cdd
-
SHA1
b33f66efb6503e11bcfc9abf99e3e16ba10adc14
-
SHA256
27a3ea6c85bda6257175fd59e595d0e9610059c7f60d92e392a944e8ddc30508
-
SHA512
2cdc3914e40ea68e4187b47b42bb099479c661244dd28bd3080b5d747351144809c7d2e23ac350ccd637ea9096b620f027ebe23d2a79bdf78678c5205730a495
-
SSDEEP
3072:vsaNPBwDtcWpCh5KuVeYEemZb7MGdWWX8M90LOnTU60q7KlxbI/HfX:vskru8VeD9Zb7MG4UZH01bYv
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-