General

  • Target

    70134bf4d1cd851b382b2930a2e182ea.bin

  • Size

    67KB

  • Sample

    230116-znqxmadd35

  • MD5

    7e28166029decc49369da4a084833c99

  • SHA1

    2a56f591a3fc11561bb4641e1ad0d31d58f0c958

  • SHA256

    3caf91f34d06fbec4840d28f8f3a86cd6c9328b8e590dd76a79fae3662572248

  • SHA512

    d00da35312b5fe660a9ea55aba1a6e8229a133e813efa46749c6150a9485d40cdb1325d54dddc3f7e732cf57a25371af6a870d31eb1de3c4de373e011386afd5

  • SSDEEP

    1536:77LveoVNlQlGlYvn8ZdSXYjdeK2l752mQ+1tkI1KLJ7kTJN:3dVPYEyYx92lF2mQ+fk5lkTz

Malware Config

Targets

    • Target

      5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef.dll

    • Size

      126KB

    • MD5

      70134bf4d1cd851b382b2930a2e182ea

    • SHA1

      8454d476c0d36564792b49be546593af3eab29f4

    • SHA256

      5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef

    • SHA512

      1af07ab22359f69fe32e359883f7d31f3068582ba0eddcb1faf6bf7686f32f51e36cdf645ac9dd727a4bf9b8c390245d7e71faf17c1a18ff3054c55f19c770bd

    • SSDEEP

      3072:Yx7pOYzBekf3tiINwyP7XSSJds3zhrjPcnqULv4q9:Yx7ZNhf3vwyOztPc3L

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1

    Email Collection (T1114): 1

Tasks