amadey | de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851
Size

205KB
Sample

221126-qpf95sfe84
MD5

a41c18de2ac73f9531145a21e7922806
SHA1

22bce53c7d2a3e79c74fdf5d5c7f0bcfe94f7290
SHA256

de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851
SHA512

7317a4d186b9d5b9582ab2d16da5bee797f5d3ddc0b4cf1d5345472a6587dc01e5f2d640ad2d808ecfe0b96414c93406c58069f6bf977e846019e38c51cacf61
SSDEEP

3072:3UiBC7Qmn5VHL4UHqcnvBfMti4fjWZO8g84nWiFXnlSFqJu4GcmTd7MlkKx:NY7Q4L4kqyoQgiiFXn3GxoZ

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851.exe

Resource

win10v2004-20220901-en

amadey collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.194/h49vlBP/index.php

Targets

- Target
  
  de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851
- Size
  
  205KB
- MD5
  
  a41c18de2ac73f9531145a21e7922806
- SHA1
  
  22bce53c7d2a3e79c74fdf5d5c7f0bcfe94f7290
- SHA256
  
  de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851
- SHA512
  
  7317a4d186b9d5b9582ab2d16da5bee797f5d3ddc0b4cf1d5345472a6587dc01e5f2d640ad2d808ecfe0b96414c93406c58069f6bf977e846019e38c51cacf61
- SSDEEP
  
  3072:3UiBC7Qmn5VHL4UHqcnvBfMti4fjWZO8g84nWiFXnlSFqJu4GcmTd7MlkKx:NY7Q4L4kqyoQgiiFXn3GxoZ
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

© 2018-2024

Terms | Privacy