amadey | 70134bf4d1cd851b382b2930a2e182ea[.]bin | Triage

Sharing

General

Target

70134bf4d1cd851b382b2930a2e182ea.bin
Size

67KB
MD5

7e28166029decc49369da4a084833c99
SHA1

2a56f591a3fc11561bb4641e1ad0d31d58f0c958
SHA256

3caf91f34d06fbec4840d28f8f3a86cd6c9328b8e590dd76a79fae3662572248
SHA512

d00da35312b5fe660a9ea55aba1a6e8229a133e813efa46749c6150a9485d40cdb1325d54dddc3f7e732cf57a25371af6a870d31eb1de3c4de373e011386afd5
SSDEEP

1536:77LveoVNlQlGlYvn8ZdSXYjdeK2l752mQ+1tkI1KLJ7kTJN:3dVPYEyYx92lF2mQ+fk5lkTz

Score

10^/10

cred module amadey

Malware Config

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef.dll	amadey_cred_module

Files

70134bf4d1cd851b382b2930a2e182ea.bin
.zip

Password: infected
5e4cb0cc51202cef27c4f5da63362ceee8c29a03e61ac19efda3c137b657d9ef.dll
.dll windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main
Save

Sections

CODE
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ