General
Target: ffa0f7dd952ac81d4b0e77b6ac149c408983ee740d4d76c7a103fd88914faf92
Size: 205KB
Sample: 221126-n6hs7afa4x
MD5: ec2c47ac8beff1c0b8fae12cdc0f8e08
SHA1: c6e4788bdf85b0d8ff4f65de44023d6a6a998f9a
SHA256: ffa0f7dd952ac81d4b0e77b6ac149c408983ee740d4d76c7a103fd88914faf92
SHA512: d23bfae4c960b88ab9289ff91d6fe25fe193dd598ae44233d3d87df6aecc9a9b01379b72144a84176439698d0fa6a5aebb72957f1069083d8345af093b43a466
SSDEEP: 3072:oTDf9TIcv5reaAmm30NrE3quOzKfHVqfwSI5bB9ms5dSmDt+dM5A7IiyGBJ19n:m1TIk/AwrYOzhfwTbBMSYmEcD0/
Static task: static1
Behavioral task: behavioral1
Sample: ffa0f7dd952ac81d4b0e77b6ac149c408983ee740d4d76c7a103fd88914faf92.exe
Resource: win10-20220812-en
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
Score: 10/10
Detect Amadey credential stealer module
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles