General
-
Target
1bd4bcad9b5c1d0b5843969370bba61207df7c6c05d270d7f9b3245a9c8ce5c1
-
Size
1.1MB
-
Sample
230418-n9yc2sda4t
-
MD5
17fa2be0f5098cf32b8d5106a77f3f97
-
SHA1
c7dedc89edf054115b2ce1b3ed44017486de1c28
-
SHA256
1bd4bcad9b5c1d0b5843969370bba61207df7c6c05d270d7f9b3245a9c8ce5c1
-
SHA512
4199164ccac2481034c731cd8971ba7549ffc5d8dec7d467df9787c28bc9af0320932ee4afa9dcad674637e20cdd4acb8d17d3e9952e2dcae73588ed83079d87
-
SSDEEP
24576:Dy5tdwO3s+ll6b00MowAm/PCsialq1A9qTVvbD20vnM2OHoy:W5ta+s+lkBwJ/PCSA7TVzw2OH
Static task
static1
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-