General
-
Target
b149115ede40e48ff726687ec09eaf07d3c182792a72fdde5176fe2173eb5f57
-
Size
244KB
-
Sample
221123-j11plabf9w
-
MD5
41e1491b70e8968f36d98ca897bbf71f
-
SHA1
1784c1961afc5a1e50526a6e8ffb296a1cd69a19
-
SHA256
b149115ede40e48ff726687ec09eaf07d3c182792a72fdde5176fe2173eb5f57
-
SHA512
4f2f00aff474657cdb4cc0cee210de810253ecf4adc1d8d00676029f238140f4bc2e10248128d7fd7058c62c8d2ad2843b14dbfd5a20d7e9dca44e173e38a69f
-
SSDEEP
3072:lBkA2Ve2jYxLQ3vW8XD5CGO5jfhKznC1TKr9jaIjxOobZV1dYbn:YAkaLQ3vPPO5jfcT2mpjROotV1dYb
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
-
-
Target
b149115ede40e48ff726687ec09eaf07d3c182792a72fdde5176fe2173eb5f57
-
Size
244KB
-
MD5
41e1491b70e8968f36d98ca897bbf71f
-
SHA1
1784c1961afc5a1e50526a6e8ffb296a1cd69a19
-
SHA256
b149115ede40e48ff726687ec09eaf07d3c182792a72fdde5176fe2173eb5f57
-
SHA512
4f2f00aff474657cdb4cc0cee210de810253ecf4adc1d8d00676029f238140f4bc2e10248128d7fd7058c62c8d2ad2843b14dbfd5a20d7e9dca44e173e38a69f
-
SSDEEP
3072:lBkA2Ve2jYxLQ3vW8XD5CGO5jfhKznC1TKr9jaIjxOobZV1dYbn:YAkaLQ3vPPO5jfcT2mpjROotV1dYb
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-