General
Target: ba046d1f3a1aebdf83958df97f96e73b1679878d8b13dde76489e422feb403de
Size: 243KB
Sample: 221201-nz9nbsdh43
MD5: 127489962a98c264dd62e1dbd406e355
SHA1: 2620d44d7f23949ebaf271d364c19216482c0cfa
SHA256: ba046d1f3a1aebdf83958df97f96e73b1679878d8b13dde76489e422feb403de
SHA512: 3cb6a06a5d675907f7bce829e480076b75ce7eba35793239af184d92bc6ac25b2be701de3539579e014634071a1a6bb75bc4b456cf7233ec18d6f6fbe368bd33
SSDEEP: 3072:ctlHuKSbQ7ew5oPuMJY9L0pBAJRFGfsGcXMNCyo9CRjYwGvVDAbEaBj0wxz:k6bQ7BMJCuB6RFEcXo09OSqEaBQw
Static task: static1
Behavioral task: behavioral1
Sample: ba046d1f3a1aebdf83958df97f96e73b1679878d8b13dde76489e422feb403de.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: amadey
Version: 3.50
C2: 62.204.41.252/nB8cWack3/index.php
Targets
Target: ba046d1f3a1aebdf83958df97f96e73b1679878d8b13dde76489e422feb403de (same file as in General; size and hashes as listed there)
Score: 10/10
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles