General

  • Target

    5b77d1b9121cbbeebe3f4e5c078380b5.bin

  • Size

    196KB

  • Sample

    230326-bra4ksfa54

  • MD5

    1da94d41a32cb022ca380fc0960374d4

  • SHA1

    e44b4f50071d4fb82c4868c5a041574b0469da1c

  • SHA256

    1dd814c9f9cd00001ef5b2f61e030543792bb97eda0e6e005aef392607315600

  • SHA512

    dd50c73e434a8a4ab5f609fa01c47bb681fec6651596c5e7049b342a60ff6cbf61b5606825db28cbcb4ffbef8fd0c3007152f3fec0f7b826caf524c5a41d3d51

  • SSDEEP

    6144:3aV8iyjmImMy7RPf/iY/WUafDz8jX9XYCY75:D7jmOy7Z/iY/WU48hhA5

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.68

  • C2

    88.218.60.230/7vzZwkv2/index.php

Targets

    • Target

      64aca7057a61b52f8630a3e5e312efd0c0a2004c1596cdef29d483f8e97b346a.exe

    • Size

      292KB

    • MD5

      5b77d1b9121cbbeebe3f4e5c078380b5

    • SHA1

      433de61d420d74a6cf92d2cbe7e10eda0e33c7d4

    • SHA256

      64aca7057a61b52f8630a3e5e312efd0c0a2004c1596cdef29d483f8e97b346a

    • SHA512

      f5da160a7cb0195d51e578a51175fe8ccf209d633e6e852e163c64d2462fd91ab46a00f3660bae7a93443845f25e3d86ead4d722727a386932baaf689f1b3015

    • SSDEEP

      3072:9usm5zdjqLkkqdID8TUtxbuDlnT0psj+RIdoZV3yZHQjfw0YJdPz8LJlCNDTvgWH:oKJQIhsyRI4V3yZHQTFYJp+lqTvgj

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks