General
-
Target
8e7a027d532b6bd3fec93f85d74cc217f82cfaeea95188c63eac6ea690a93fed
-
Size
980KB
-
Sample
230418-d8cpvahe52
-
MD5
52e6c014970bf6183fc779f021373694
-
SHA1
a33c0bcb95ca05e0d5e6fb95f2b515bf8b926427
-
SHA256
8e7a027d532b6bd3fec93f85d74cc217f82cfaeea95188c63eac6ea690a93fed
-
SHA512
0f1a9fc93ffcfe73cb2bff0e8dd58ec32fc9b190bdbd15c7c6dd480f188b80a2ef7e18bd3ce5c4ae452b739aa8ce5c29973ed36f1d3b6fdc02e0ecc8aaa8d5b0
-
SSDEEP
24576:Vy0abTZVftpT/x6ufcuSSVA5BmPe4d/k69e8s5:wBbT/fblDVSIA5BmPnle8
Static task
static1
Malware Config
Targets
-
Target
8e7a027d532b6bd3fec93f85d74cc217f82cfaeea95188c63eac6ea690a93fed
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-