amadey | a947f12146bac968e04f955ec03fd56e7f94343b98f9b49eb988e9b6aefc3f8f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a947f12146bac968e04f955ec03fd56e7f94343b98f9b49eb988e9b6aefc3f8f
Size

423KB
Sample

221206-138lnabg6s
MD5

9e9df779a547699c79f19a29a4ec7650
SHA1

5b2aa643807e06dd7064fc94a997e44b213c6163
SHA256

a947f12146bac968e04f955ec03fd56e7f94343b98f9b49eb988e9b6aefc3f8f
SHA512

78798143c34ed26ad0278162aee244670385f33b9666e7b038b51f3bc9bfda74fac4459a0369f707311fc171d4302a6d4229c2d08a0063bc137cb48841317638
SSDEEP

6144:wCbqZQLNLxw5KUYAilo5CCQllUuyMTljofAWcoBlC7NOUs0yaVe:wC+Z6NFw5p2Cb8lobcWC7NOH3

Score

10^/10

amadey collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a947f12146bac968e04f955ec03fd56e7f94343b98f9b49eb988e9b6aefc3f8f.exe

Resource

win10v2004-20221111-en

amadey collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.167/v7eWcjs/index.php

Targets

- Target
  
  a947f12146bac968e04f955ec03fd56e7f94343b98f9b49eb988e9b6aefc3f8f
- Size
  
  423KB
- MD5
  
  9e9df779a547699c79f19a29a4ec7650
- SHA1
  
  5b2aa643807e06dd7064fc94a997e44b213c6163
- SHA256
  
  a947f12146bac968e04f955ec03fd56e7f94343b98f9b49eb988e9b6aefc3f8f
- SHA512
  
  78798143c34ed26ad0278162aee244670385f33b9666e7b038b51f3bc9bfda74fac4459a0369f707311fc171d4302a6d4229c2d08a0063bc137cb48841317638
- SSDEEP
  
  6144:wCbqZQLNLxw5KUYAilo5CCQllUuyMTljofAWcoBlC7NOUs0yaVe:wC+Z6NFw5p2Cb8lobcWC7NOH3
Score

10^/10

amadey collection spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeycollectionspywarestealertrojan

© 2018-2025

Terms | Privacy