General
-
Target
b6e46215fa28107873733f5a574dd0a6e49ba8ba2f22bbb35992af169e110d0d
-
Size
206KB
-
Sample
221127-hsp3fsca6s
-
MD5
2d9d82c513fb43395385691b0fca976a
-
SHA1
49cab92c6be30c90d2b3aad8ca410ed4bcafe113
-
SHA256
b6e46215fa28107873733f5a574dd0a6e49ba8ba2f22bbb35992af169e110d0d
-
SHA512
be36b2a6f87bcb1b6dacc528033cd1473a9448a7e800c550243ed0029aa800688b6ad54b61ba0527722dee6466e429b887c61a3b09b18ce8c0f6f8468c907bfb
-
SSDEEP
3072:qvaBp4aTJs9SmB5aG/rZW3Ru3y9krLHj/L2KzWMgxpQ95nVDKHwTReAo:731s9SU/rw3M3UkXbz9gxGvuJ
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
-
-
Target
b6e46215fa28107873733f5a574dd0a6e49ba8ba2f22bbb35992af169e110d0d
-
Size
206KB
-
MD5
2d9d82c513fb43395385691b0fca976a
-
SHA1
49cab92c6be30c90d2b3aad8ca410ed4bcafe113
-
SHA256
b6e46215fa28107873733f5a574dd0a6e49ba8ba2f22bbb35992af169e110d0d
-
SHA512
be36b2a6f87bcb1b6dacc528033cd1473a9448a7e800c550243ed0029aa800688b6ad54b61ba0527722dee6466e429b887c61a3b09b18ce8c0f6f8468c907bfb
-
SSDEEP
3072:qvaBp4aTJs9SmB5aG/rZW3Ru3y9krLHj/L2KzWMgxpQ95nVDKHwTReAo:731s9SU/rw3M3UkXbz9gxGvuJ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-