General
-
Target
6bf88501e0ed0af359d91ada3505227c098fec8c1996805eb78a3e9f54501762
-
Size
310KB
-
Sample
221128-q1cfbsgb88
-
MD5
07cb14c143607b7c449e14ce4edbad42
-
SHA1
81f8bd01786cc9dcd8f8ba804c6083d209da51af
-
SHA256
6bf88501e0ed0af359d91ada3505227c098fec8c1996805eb78a3e9f54501762
-
SHA512
86b341c29e4d1b42c3fe80112ab817ba3b6ba4563d2f0d8115123b01ca9075880074aa0425eb6e3cd5e5c6205e836f61aa05d5ba138f2e75b82360ce1056c4c5
-
SSDEEP
6144:3tlt8XomooER6rj72I9oLXNMOZgs7XUkHhSfbr5W:3KXomBEsTjohMgXBH0fbr0
Static task
static1
Behavioral task
behavioral1
Sample
6bf88501e0ed0af359d91ada3505227c098fec8c1996805eb78a3e9f54501762.exe
Resource
win10-20220901-en
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
Target
6bf88501e0ed0af359d91ada3505227c098fec8c1996805eb78a3e9f54501762
-
Score
10/10
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-