General
-
Target
1284201c45b0e44d114c8edd3c0ac453dc51be2a9ef715c9fe20f681bdeaad04
-
Size
380KB
-
Sample
221204-rgstmsag7y
-
MD5
510f83855d1e0b0f19ecf0e1958f015a
-
SHA1
e747bfc6ebcd01044d8d5b0683cff8918f94662a
-
SHA256
1284201c45b0e44d114c8edd3c0ac453dc51be2a9ef715c9fe20f681bdeaad04
-
SHA512
98be1625c118981c2ffed06c91a0df1b94e2301424b1f27b53ae1fcd32712503c673e98265d446672dca7b2ec6d7cdc1fdda62b897029b19f7f9955113a5a07d
-
SSDEEP
6144:zFUFiQcvqpeKmq64/JnG8tqRPhVymlgl+2k1OG1PZ:zFUFiQcoeK8gxPtOPhVyWgl+2KOG
Malware Config
Extracted
amadey
3.50
31.41.244.167/v7eWcjs/index.php
Targets
-
-
Target
1284201c45b0e44d114c8edd3c0ac453dc51be2a9ef715c9fe20f681bdeaad04
-
Size
380KB
-
MD5
510f83855d1e0b0f19ecf0e1958f015a
-
SHA1
e747bfc6ebcd01044d8d5b0683cff8918f94662a
-
SHA256
1284201c45b0e44d114c8edd3c0ac453dc51be2a9ef715c9fe20f681bdeaad04
-
SHA512
98be1625c118981c2ffed06c91a0df1b94e2301424b1f27b53ae1fcd32712503c673e98265d446672dca7b2ec6d7cdc1fdda62b897029b19f7f9955113a5a07d
-
SSDEEP
6144:zFUFiQcvqpeKmq64/JnG8tqRPhVymlgl+2k1OG1PZ:zFUFiQcoeK8gxPtOPhVyWgl+2KOG
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-