General
-
Target
82e837bdd2dca524f69dc860702c1d95c0881f36b7773c6961012413acc5dd05
-
Size
232KB
-
Sample
221125-qrtcgsed2w
-
MD5
a4ee954fb241ad6c25e3ffecb2eafe7b
-
SHA1
16b9105f96c689a4180c76f4fba07e0b350e2c98
-
SHA256
82e837bdd2dca524f69dc860702c1d95c0881f36b7773c6961012413acc5dd05
-
SHA512
2d37d1096d5f8ebe9837a8b6eba0e73c555433ca2395dd2e38be03fec5e0dbd9dd816602ba49bd486c0f9f265b11c91a215bd56f84fd8be1df089b38e585daf4
-
SSDEEP
6144:1vAnkwfUCJ5qA9GOa1u6Rcsa//78gStqm:1ofZJ539GOa1Jcv375kqm
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
-
-
Target
82e837bdd2dca524f69dc860702c1d95c0881f36b7773c6961012413acc5dd05
-
Size
232KB
-
MD5
a4ee954fb241ad6c25e3ffecb2eafe7b
-
SHA1
16b9105f96c689a4180c76f4fba07e0b350e2c98
-
SHA256
82e837bdd2dca524f69dc860702c1d95c0881f36b7773c6961012413acc5dd05
-
SHA512
2d37d1096d5f8ebe9837a8b6eba0e73c555433ca2395dd2e38be03fec5e0dbd9dd816602ba49bd486c0f9f265b11c91a215bd56f84fd8be1df089b38e585daf4
-
SSDEEP
6144:1vAnkwfUCJ5qA9GOa1u6Rcsa//78gStqm:1ofZJ539GOa1Jcv375kqm
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-