amadey | cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
Size

207KB
Sample

221126-v3fmzsee8y
MD5

b8163409efad572bc7627feafd46452d
SHA1

882f5b58827cc7cb4faef3eb590728cd9764829d
SHA256

cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
SHA512

774c0797a5f5e0c18cb38ecf8a26ba17c2a0ee0a93de7f56a4ea37f65a31cb09a999e5138dcebaaca74e029df848feefeff8b7f12d863cb2245c858ce299ed93
SSDEEP

3072:l5r5+ytc5m5Xqu8oSvXXomdtT7Voia060vQhS+ac1oivqxtExB:b57cOovXXoUtSi9ES+aceiyxG

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366.exe

Resource

win10v2004-20220901-en

amadey collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Targets

- Target
  
  cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
- Size
  
  207KB
- MD5
  
  b8163409efad572bc7627feafd46452d
- SHA1
  
  882f5b58827cc7cb4faef3eb590728cd9764829d
- SHA256
  
  cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
- SHA512
  
  774c0797a5f5e0c18cb38ecf8a26ba17c2a0ee0a93de7f56a4ea37f65a31cb09a999e5138dcebaaca74e029df848feefeff8b7f12d863cb2245c858ce299ed93
- SSDEEP
  
  3072:l5r5+ytc5m5Xqu8oSvXXomdtT7Voia060vQhS+ac1oivqxtExB:b57cOovXXoUtSi9ES+aceiyxG
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

© 2018-2024

Terms | Privacy