General

  • Target

    896fbc6ba1c75aa73b8d5c595b9659245b2de7d7637fe069a9804be47b9694c6

  • Size

    231KB

  • Sample

    221204-eq86rseg34

  • MD5

    b5a491233436796c1496aa2d91b75210

  • SHA1

    e1f933634ecbfaae09106306ca7b184c862449a9

  • SHA256

    c68ebebe7128f6c7fdda9aca0f1bbb9a277d674beb9ca9c2e56dbb56b264bd2c

  • SHA512

    8ed0b2d3f1f7b79770fba0ee33c795fd0910435edcef8253958d4550d76dfb3f91cd1e9aac7aae338aeade03b76ed35d4ab9c16618006823cf0f9855f825b50d

  • SSDEEP

    6144:lr2DsMrBOBRESmmt+wtN1FQ6NjH3HSmN8:l8sY4ye3y

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.50

  • C2

    31.41.244.167/v7eWcjs/index.php

Targets

    • Target

      896fbc6ba1c75aa73b8d5c595b9659245b2de7d7637fe069a9804be47b9694c6

    • Size

      387KB

    • MD5

      7451f3c471a133acd58329d04e4478f6

    • SHA1

      04fe2ca3a7810c74fad47cf7d128f7bb296fc46c

    • SHA256

      896fbc6ba1c75aa73b8d5c595b9659245b2de7d7637fe069a9804be47b9694c6

    • SHA512

      a6a8aa3392fecc263e1a87061c169af58e2acf7e273b0ccc5f66339c10755117ead6472910da87692342c98d0dd296e89dab0e64dc87757ccbf8cb46e40b8c87

    • SSDEEP

      6144:vm9ITL4AClkpPBAk1Jt+wtN1XQ6av5MLFssvuRjMgU:vcUulksk1SJ5MRssGRQg

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6