amadey | 40e85dda92de36c542997ce188af184b9bd72fd0362d85eace745bd395ed4f97 | Triage

Submit
Reports

Overview

overview

Static

static

6a59517bc0...a7.exe

windows7-x64

6a59517bc0...a7.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6a59517bc0735d8437978ab13b7993b26ce793a69146341be32fa71180557aa7
Size

174KB
Sample

221127-s815rshf67
MD5

da8d6b3472ea36e7534d124aded166d3
SHA1

f2027cdd61a8cad4255deb28494dc0f4128cfed1
SHA256

40e85dda92de36c542997ce188af184b9bd72fd0362d85eace745bd395ed4f97
SHA512

24df65dbcd28d0c0b520a0cea48ef42bf676a1d291916c214ff032f939320abc57e2bf57dda4cf93b6231256731edc9ae8c1893ddbf322409d7659cff3172817
SSDEEP

3072:EvxwqkMwGB9BQmuf15bnX4Xh5ncI+qkatCXA2NjdpZdolyTpK7zC4abeG:EvjkMxFxCXC9+DatC7NjXZ0yki

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6a59517bc0735d8437978ab13b7993b26ce793a69146341be32fa71180557aa7.exe

Resource

win7-20220901-en

amadey collection spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a59517bc0735d8437978ab13b7993b26ce793a69146341be32fa71180557aa7.exe

Resource

win10v2004-20220812-en

amadey collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Targets

- Target
  
  6a59517bc0735d8437978ab13b7993b26ce793a69146341be32fa71180557aa7
- Size
  
  226KB
- MD5
  
  75b4f9883d47a3f05d728a9bf35ea8da
- SHA1
  
  7cacfa6e2216196754800b9284a4c1d848a3ccb5
- SHA256
  
  6a59517bc0735d8437978ab13b7993b26ce793a69146341be32fa71180557aa7
- SHA512
  
  d162c0695b887a64f4c1808c37c467cf98e10b262aa7a110c4ff63440dc23759181887813d64d37e65aed179c59d4da8d054f1d38d8db4b81834a92f567a382f
- SSDEEP
  
  6144:Vg6JgBicZWiL/2aFxXC9+DatC/NjXZ0yZF+VD+dADM+8:rciye6xM+uyZN6CaI
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

behavioral2

amadeycollectionspywarestealertrojan

© 2018-2025

Terms | Privacy