General
-
Target
file.exe
-
Size
205KB
-
Sample
221126-mq39hsdb3x
-
MD5
5a542fd73ba8dd1269bd0e44370d4193
-
SHA1
3d9eec7f3d63c9bdc8bb820bd83dec5d4893886a
-
SHA256
857bd69297b5939cdc11e2c518c43d015c60c11198c923e828359dfab184f095
-
SHA512
cd8a7cbc8c26f1f51247539e8b6f9b0bf48a492282f02b386d843c144db85b12ea08ce02774bb3a0076fa6fb515162bfd27b4e5db36feb9bfa60c96161e85066
-
SSDEEP
3072:iVZzpIn2yYh52Zm8f+SysrsEaLYztdHk7+6zZXbReR0Um5ajh1HKHT:8in2ynmSz/Hiv14y5Iro
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
-
Target
file.exe
-
Score
10/10
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-