General
-
Target
81df1c666569299215d0dc9295a09c296345fb98f8330063b46b90cc1d1d04b0
-
Size
978KB
-
Sample
230418-bh9ksaaf61
-
MD5
96fe74355efc4d07e0bd230a91ad215e
-
SHA1
0ab26b49bc29aea8fd5fdb7f6353a1ec50bf209b
-
SHA256
81df1c666569299215d0dc9295a09c296345fb98f8330063b46b90cc1d1d04b0
-
SHA512
c927b8796718a84c8f29dd19f148890a66db5df4e2e2284a929b55025b28c8144e67fd8526997c35a53bb37eebe554a308a9130d35c7efb73ecde4153360e43a
-
SSDEEP
24576:Ly3jZLCa418ooYIw9VFH6ZeMfrLNa78MF:+vi/h9VFHOLjL
Malware Config
Targets
-
-
Target
81df1c666569299215d0dc9295a09c296345fb98f8330063b46b90cc1d1d04b0
-
Size
978KB
-
MD5
96fe74355efc4d07e0bd230a91ad215e
-
SHA1
0ab26b49bc29aea8fd5fdb7f6353a1ec50bf209b
-
SHA256
81df1c666569299215d0dc9295a09c296345fb98f8330063b46b90cc1d1d04b0
-
SHA512
c927b8796718a84c8f29dd19f148890a66db5df4e2e2284a929b55025b28c8144e67fd8526997c35a53bb37eebe554a308a9130d35c7efb73ecde4153360e43a
-
SSDEEP
24576:Ly3jZLCa418ooYIw9VFH6ZeMfrLNa78MF:+vi/h9VFHOLjL
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-