amadey | da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
Size

279KB
Sample

221128-j1l67sgg75
MD5

b5a829fed3f455e078934b8edfd5d15c
SHA1

18917ab16f87217583afd10f35c52952e71e3ae8
SHA256

da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
SHA512

f2678c558869ed02daf08545ac96b9677644adb1e38bc94d5911888cf95cfc2ee23ecc99978048b6e6d12b6572d69a93d211166facc6d73ee9868b2d6650da3d
SSDEEP

3072:g+zlhYNSOlT3wB5JfeFsqBxVc3+mfQYcO1PwhZUX2V0bHhSfbrC+UBkZb1:nnYUOd3w5eFsOcFQ3UXUkHhSfbr5

Score

10^/10

amadey smokeloader backdoor collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04.exe

Resource

win10v2004-20220901-en

amadey smokeloader backdoor collection spyware stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.134.65/o7VsjdSa2f/index.php

Targets

- Target
  
  da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
- Size
  
  279KB
- MD5
  
  b5a829fed3f455e078934b8edfd5d15c
- SHA1
  
  18917ab16f87217583afd10f35c52952e71e3ae8
- SHA256
  
  da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
- SHA512
  
  f2678c558869ed02daf08545ac96b9677644adb1e38bc94d5911888cf95cfc2ee23ecc99978048b6e6d12b6572d69a93d211166facc6d73ee9868b2d6650da3d
- SSDEEP
  
  3072:g+zlhYNSOlT3wB5JfeFsqBxVc3+mfQYcO1PwhZUX2V0bHhSfbrC+UBkZb1:nnYUOd3w5eFsOcFQ3UXUkHhSfbr5
Score

10^/10

amadey smokeloader backdoor collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

amadeysmokeloaderbackdoorcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy