amadey | a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448
Size

207KB
Sample

221126-18w5tada6s
MD5

37b1a93e7c74982a942dc0ba6a95b933
SHA1

4c2ca7b2c7c542c32595ff57fef38f4763d158d6
SHA256

a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448
SHA512

ed79835f00430b6cd165e4065bef9d1cd21cd91c2ff614364aa7c59754306b415acb46058a4c211508c5c196f7e6ab02aace9dcb160cc0ee3bb38df2d5ded875
SSDEEP

3072:mvDEuqliTm54A/MEzTyBSSLQ9RaBe8pqjuPv3YMmA57M29PFAHqfdhAqbF6J:YEbi/kiy487jun1pAENQqrrx6

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448.exe

Resource

win7-20221111-en

amadey collection spyware stealer trojan

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448.exe

Resource

win10-20220812-en

amadey collection spyware stealer trojan

windows10-1703-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.134.66/o7Vsjd3a2f/index.php

Targets

- Target
  
  a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448
- Size
  
  207KB
- MD5
  
  37b1a93e7c74982a942dc0ba6a95b933
- SHA1
  
  4c2ca7b2c7c542c32595ff57fef38f4763d158d6
- SHA256
  
  a4e975408bb6197b94f44aa761bf20af6180a16393a61e6608d006d3adebd448
- SHA512
  
  ed79835f00430b6cd165e4065bef9d1cd21cd91c2ff614364aa7c59754306b415acb46058a4c211508c5c196f7e6ab02aace9dcb160cc0ee3bb38df2d5ded875
- SSDEEP
  
  3072:mvDEuqliTm54A/MEzTyBSSLQ9RaBe8pqjuPv3YMmA57M29PFAHqfdhAqbF6J:YEbi/kiy487jun1pAENQqrrx6
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

behavioral2

amadeycollectionspywarestealertrojan

© 2018-2024

Terms | Privacy