General
-
Target
6ff0d834172b219646fd303252547721abb395d65f7fc437d58dc09075067e36
-
Size
1.1MB
-
Sample
230415-y94j6sff38
-
MD5
b6ae544084d56591d6d7034322b674e3
-
SHA1
19b22f94b584b42705bb8f311d9beec055835109
-
SHA256
6ff0d834172b219646fd303252547721abb395d65f7fc437d58dc09075067e36
-
SHA512
bbfc22365c88e8d3adf5d75b5a774fe505fee4a150582920978b39a513be9ed294098ee6ad4065a7f522d69620576b4f5e5a69fcd0fd58b6ca93800424319a0c
-
SSDEEP
24576:Ky8i+56vtQgzbbaPNYGhOuS5eP8dXAShNYnUedcK6ZU9Qjb:RTe6zXaPy8Rqe+bhW3dcK64Q
Static task
static1
Malware Config
Targets
-
Target
6ff0d834172b219646fd303252547721abb395d65f7fc437d58dc09075067e36
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-