amadey | b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
Size

205KB
Sample

221126-l2ngrsca9y
MD5

e9f6fccda69077cfc6d220e0f665264c
SHA1

87be46433353c2f746df5f84f14fd21bcd50e55b
SHA256

b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
SHA512

fdf1860fb1061d5ea7f0f742c80b74d2c066bf4602dae1372455f8beb556cda28d049ce82ec3f1569e30f72593647ad8ecf27d2526ff98e16c054433496a18a3
SSDEEP

6144:tGmdsSOfjmUFT5w2AgPXELw9oYBAHa5Xhal:EGOfjm6dZEw9oYBAHaOl

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87.exe

Resource

win10v2004-20220901-en

amadey collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.194/h49vlBP/index.php

Targets

- Target
  
  b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
- Size
  
  205KB
- MD5
  
  e9f6fccda69077cfc6d220e0f665264c
- SHA1
  
  87be46433353c2f746df5f84f14fd21bcd50e55b
- SHA256
  
  b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
- SHA512
  
  fdf1860fb1061d5ea7f0f742c80b74d2c066bf4602dae1372455f8beb556cda28d049ce82ec3f1569e30f72593647ad8ecf27d2526ff98e16c054433496a18a3
- SSDEEP
  
  6144:tGmdsSOfjmUFT5w2AgPXELw9oYBAHa5Xhal:EGOfjm6dZEw9oYBAHaOl
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

© 2018-2024

Terms | Privacy