General
- Target: ee1b14f6b10891118bcfc2d7d51250570e2cde15d4ecc7421541165796aa847d
- Size: 979KB
- Sample: 230418-cr2f7shc69
- MD5: 0640c658d36a670f325de537c3cc1436
- SHA1: 1804f7155ebeee7ca7df6675d107b90d14c342b8
- SHA256: ee1b14f6b10891118bcfc2d7d51250570e2cde15d4ecc7421541165796aa847d
- SHA512: 7d44f5c418779165e8720a623e923f888d174653e318c66b4faaa87bfb5f51addd1e590b5fffd6037272902022347b0db3f6aa33dacb0e65f0976cec2a3757fe
- SSDEEP: 24576:zy9sI+dSWv+qL3DYE2YmmG/mWrc+hCUW7KPLjwvLCAg:GaI+pM/mkxPEKPLcvuA
Static task
static1
Malware Config
Targets
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.