General
-
Target
b8b5e3946ec0546d8e6de7ae73091c6a66a8e0a1252020b00487d8d10a2a6f46
-
Size
205KB
-
Sample
221129-j9f2jsbh22
-
MD5
1c2f929c8f76e1bee311ffb217063988
-
SHA1
600e14abdbc5867f7db412dc4b49909ef3448f5d
-
SHA256
b8b5e3946ec0546d8e6de7ae73091c6a66a8e0a1252020b00487d8d10a2a6f46
-
SHA512
1b1fcee1a7ad686a49def2cb887d95b76d051b163fa16565619351ab086d1b8ddae56874dc601dcc37adbb47fba46230315085ed01de2cf13376c8abfcacc381
-
SSDEEP
3072:y6XDxtrF95JGVLUvFlEbctzaxE4a2PTtkW7JVzk92oWrQX7epxY5H4yo:xXDXaVkWctSSCGW9Vo9nWqepxY5m
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
-
-
Target
b8b5e3946ec0546d8e6de7ae73091c6a66a8e0a1252020b00487d8d10a2a6f46
-
Size
205KB
-
MD5
1c2f929c8f76e1bee311ffb217063988
-
SHA1
600e14abdbc5867f7db412dc4b49909ef3448f5d
-
SHA256
b8b5e3946ec0546d8e6de7ae73091c6a66a8e0a1252020b00487d8d10a2a6f46
-
SHA512
1b1fcee1a7ad686a49def2cb887d95b76d051b163fa16565619351ab086d1b8ddae56874dc601dcc37adbb47fba46230315085ed01de2cf13376c8abfcacc381
-
SSDEEP
3072:y6XDxtrF95JGVLUvFlEbctzaxE4a2PTtkW7JVzk92oWrQX7epxY5H4yo:xXDXaVkWctSSCGW9Vo9nWqepxY5m
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-