General
-
Target
bd246928484b805c4c5bd6d37a6dc76233f130c9ca850565fa97bca529d2c188
-
Size
415KB
-
Sample
221206-xjc4vsgd31
-
MD5
851d5a35012042d7dfbad2e189fd8de7
-
SHA1
515ca9fa8a3c22b69d20e4ffff66b7b69eab38bf
-
SHA256
bd246928484b805c4c5bd6d37a6dc76233f130c9ca850565fa97bca529d2c188
-
SHA512
f7bcb69bb92f21ac606109761bce33728afb9a382f5ace110e6a0e8890959742d61fbd2568f7975adb49f0036ff414fc1c3173bc6f91cdb0f678c15fed1f6b60
-
SSDEEP
12288:2cbZ2+iwqwUsAeOnwZ2/GIdByXIcWCJlK:2ALqwrAeOnCgyXIcWC3
Malware Config
Extracted
amadey
3.50
31.41.244.167/v7eWcjs/index.php
Targets
-
-
Target
bd246928484b805c4c5bd6d37a6dc76233f130c9ca850565fa97bca529d2c188
-
Size
415KB
-
MD5
851d5a35012042d7dfbad2e189fd8de7
-
SHA1
515ca9fa8a3c22b69d20e4ffff66b7b69eab38bf
-
SHA256
bd246928484b805c4c5bd6d37a6dc76233f130c9ca850565fa97bca529d2c188
-
SHA512
f7bcb69bb92f21ac606109761bce33728afb9a382f5ace110e6a0e8890959742d61fbd2568f7975adb49f0036ff414fc1c3173bc6f91cdb0f678c15fed1f6b60
-
SSDEEP
12288:2cbZ2+iwqwUsAeOnwZ2/GIdByXIcWCJlK:2ALqwrAeOnCgyXIcWC3
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-