amadey | 3caf91f34d06fbec4840d28f8f3a86cd6c9328b8e590dd76a79fae3662572248 | Triage

Submit
Reports

Overview

overview

Static

static

5e4cb0cc51...ef.dll

windows7-x64

5e4cb0cc51...ef.dll

windows10-2004-x64

7

Sharing

General

Target

70134bf4d1cd851b382b2930a2e182ea.bin
Size

67KB
Sample

230116-znqxmadd35
MD5

7e28166029decc49369da4a084833c99
SHA1

2a56f591a3fc11561bb4641e1ad0d31d58f0c958
SHA256

3caf91f34d06fbec4840d28f8f3a86cd6c9328b8e590dd76a79fae3662572248
SHA512

d00da35312b5fe660a9ea55aba1a6e8229a133e813efa46749c6150a9485d40cdb1325d54dddc3f7e732cf57a25371af6a870d31eb1de3c4de373e011386afd5
SSDEEP

1536:77LveoVNlQlGlYvn8ZdSXYjdeK2l752mQ+1tkI1KLJ7kTJN:3dVPYEyYx92lF2mQ+fk5lkTz

Score

10^/10

amadey collection cred module spyware stealer trojan

Static task

static1

cred module amadey

2 signatures

Behavioral task

behavioral1

Sample

5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef.dll

Resource

win7-20221111-en

amadey collection cred module spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef.dll

Resource

win10v2004-20220812-en

collection spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef.dll
- Size
  
  126KB
- MD5
  
  70134bf4d1cd851b382b2930a2e182ea
- SHA1
  
  8454d476c0d36564792b49be546593af3eab29f4
- SHA256
  
  5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef
- SHA512
  
  1af07ab22359f69fe32e359883f7d31f3068582ba0eddcb1faf6bf7686f32f51e36cdf645ac9dd727a4bf9b8c390245d7e71faf17c1a18ff3054c55f19c770bd
- SSDEEP
  
  3072:Yx7pOYzBekf3tiINwyP7XSSJds3zhrjPcnqULv4q9:Yx7ZNhf3vwyOztPc3L
Score

10^/10

amadey collection cred module spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
  cred module
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

credmoduleamadey

behavioral1

amadeycollectioncredmodulespywarestealertrojan

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy