amadey | e5b1b1ede15f58a4a9b20b827009e186d61e582d878700674e881e5d28f7f35d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

e5b1b1ede15f58a4a9b20b827009e186d61e582d878700674e881e5d28f7f35d
Size

202KB
Sample

221128-cb7chsbb8v
MD5

ac57458e35a326a886559a56cec09f30
SHA1

a7dd53be4cf528659719f462bdd91fa1f7117744
SHA256

e5b1b1ede15f58a4a9b20b827009e186d61e582d878700674e881e5d28f7f35d
SHA512

bb73d089a43b2ee25aa7ff463ec35e2b178677502d3e486c65366d5137d8fe4e501a14927892e79d73b8b976bca0edc28da6e12fdcd0de31e7b1d8063173ff85
SSDEEP

6144:bSsU0+FmusMpVoOrACPo8xxbE+SlQP8nSjP:bSsU0+MMx28xxbNSC0nC

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e5b1b1ede15f58a4a9b20b827009e186d61e582d878700674e881e5d28f7f35d.exe

Resource

win10-20220812-en

amadey collection spyware stealer trojan

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Targets

- Target
  
  e5b1b1ede15f58a4a9b20b827009e186d61e582d878700674e881e5d28f7f35d
- Size
  
  202KB
- MD5
  
  ac57458e35a326a886559a56cec09f30
- SHA1
  
  a7dd53be4cf528659719f462bdd91fa1f7117744
- SHA256
  
  e5b1b1ede15f58a4a9b20b827009e186d61e582d878700674e881e5d28f7f35d
- SHA512
  
  bb73d089a43b2ee25aa7ff463ec35e2b178677502d3e486c65366d5137d8fe4e501a14927892e79d73b8b976bca0edc28da6e12fdcd0de31e7b1d8063173ff85
- SSDEEP
  
  6144:bSsU0+FmusMpVoOrACPo8xxbE+SlQP8nSjP:bSsU0+MMx28xxbNSC0nC
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

© 2018-2025

Terms | Privacy