General

  • Target

    e16e26958a5dae649eb08a688b94905a50582b39e6bbf9b2c9c58dd17e667a88

  • Size

    244KB

  • Sample

    221122-ccapyaeh57

  • MD5

    e75c8ed92711e3858ac326764aeef26d

  • SHA1

    c5c560db9d4b9c6af39aa8fdb7128d815df26b5b

  • SHA256

    e16e26958a5dae649eb08a688b94905a50582b39e6bbf9b2c9c58dd17e667a88

  • SHA512

    ec070fa41d8352ade16d27bb775702a0cc38026e7a9bc76434f2d9dc86a916470e33a1025cbb013fd1b46bc3c0619b0fc2d2c63d4bf7df645ec3a71cb68d2d34

  • SSDEEP

    6144:f9zFmjx9DENbR6T1iPIxkWBREJRNb2rRSIz:f90jx9D2PIxkAsNbKSI

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.50

  • C2

    193.56.146.174/g84kvj4jck/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks