General
-
Target
92ef4afaf3aeb2e651979d3f58e4d020663d29f738647ceedf8640a559abf65e
-
Size
245KB
-
Sample
221125-f96enahe5t
-
MD5
33ba94746bd48c1437a3553eeb68a780
-
SHA1
2a2796026e92da747d857f373000b189c1e91208
-
SHA256
92ef4afaf3aeb2e651979d3f58e4d020663d29f738647ceedf8640a559abf65e
-
SHA512
d4fb8a9092caafcee430a338a0a0a375822d4b9545254157adde70dbfba0297febf4d33ebfeb6a009c14629c1ca9c37bc91d5b1deb98fa864b23833e1e203f84
-
SSDEEP
6144:PJtLbAjIIBWXv+WIJJSlLAQ0fYSMyFEWjhIzfWjs8:PJtHAjInXv+WIjSCnVF1mf
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
-
-
Target
92ef4afaf3aeb2e651979d3f58e4d020663d29f738647ceedf8640a559abf65e
-
Size
245KB
-
MD5
33ba94746bd48c1437a3553eeb68a780
-
SHA1
2a2796026e92da747d857f373000b189c1e91208
-
SHA256
92ef4afaf3aeb2e651979d3f58e4d020663d29f738647ceedf8640a559abf65e
-
SHA512
d4fb8a9092caafcee430a338a0a0a375822d4b9545254157adde70dbfba0297febf4d33ebfeb6a009c14629c1ca9c37bc91d5b1deb98fa864b23833e1e203f84
-
SSDEEP
6144:PJtLbAjIIBWXv+WIJJSlLAQ0fYSMyFEWjhIzfWjs8:PJtHAjInXv+WIjSCnVF1mf
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-