General
-
Target
file.exe
-
Size
415KB
-
Sample
221206-v5z5eahe29
-
MD5
559c9d12ae8756355fee60cb2c780355
-
SHA1
79eecc0272cde8be02c78fc4f335e83e4c5d0c1c
-
SHA256
31e900bd0c0d359e102fa9b498382ddf04641c5c8468703ed6fd8bdcf2bc1d5e
-
SHA512
aa6e2a2a5b33e8d12755a665ee0fc56b9ba6aea733884a0417183e88c7104b0c9a8d4787247f863097f9d330d29ed1fbb7026b3561732850a3dd872e5351b297
-
SSDEEP
6144:nYI3ZLsLtb8kWWk2wuWcnHpDFU0av0Uu/vN6mWqLXZ6B2WcoBlCJZaV:nYYZIZb8V/uvnHpDFUnNMNbWqycWCT
Malware Config
Extracted
amadey
3.50
31.41.244.167/v7eWcjs/index.php
Targets
-
-
Target
file.exe
-
Size
415KB
-
MD5
559c9d12ae8756355fee60cb2c780355
-
SHA1
79eecc0272cde8be02c78fc4f335e83e4c5d0c1c
-
SHA256
31e900bd0c0d359e102fa9b498382ddf04641c5c8468703ed6fd8bdcf2bc1d5e
-
SHA512
aa6e2a2a5b33e8d12755a665ee0fc56b9ba6aea733884a0417183e88c7104b0c9a8d4787247f863097f9d330d29ed1fbb7026b3561732850a3dd872e5351b297
-
SSDEEP
6144:nYI3ZLsLtb8kWWk2wuWcnHpDFU0av0Uu/vN6mWqLXZ6B2WcoBlCJZaV:nYYZIZb8V/uvnHpDFUnNMNbWqycWCT
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-