General
- Target: b0ebcb2199d25f40e99ba1622eb0ca6f729dee0f62e5d9e46d3a356cc4e2f30b
- Size: 843KB
- Sample: 230418-a1sjjsgg86
- MD5: e081e6b38c8d4c7a837b1cebe0d27a4a
- SHA1: 62894b0d04993258daf24d817f06b189ee097944
- SHA256: b0ebcb2199d25f40e99ba1622eb0ca6f729dee0f62e5d9e46d3a356cc4e2f30b
- SHA512: f7311660bcf0c0726b9f9a0e62d98b13acf98c6f4818f0897526c2c9a52a17b9a481c9baab222d32c6344c902d1d8f7fc553f39a1e6942d30afa23e7dd8a5497
- SSDEEP: 24576:XyKI/3+1t73MPzMdm2Cq2VP/9AOc4e7Ql+ASZ8d0:iKI/3+PYMZj2VX91l1AASKd
Static task
- static1

Malware Config
Targets
- Target: b0ebcb2199d25f40e99ba1622eb0ca6f729dee0f62e5d9e46d3a356cc4e2f30b
- Size: 843KB
- MD5: e081e6b38c8d4c7a837b1cebe0d27a4a
- SHA1: 62894b0d04993258daf24d817f06b189ee097944
- SHA256: b0ebcb2199d25f40e99ba1622eb0ca6f729dee0f62e5d9e46d3a356cc4e2f30b
- SHA512: f7311660bcf0c0726b9f9a0e62d98b13acf98c6f4818f0897526c2c9a52a17b9a481c9baab222d32c6344c902d1d8f7fc553f39a1e6942d30afa23e7dd8a5497
- SSDEEP: 24576:XyKI/3+1t73MPzMdm2Cq2VP/9AOc4e7Ql+ASZ8d0:iKI/3+PYMZj2VX91l1AASKd
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.