General

  • Target

    b0c0344e368a826ec66e6b8a9ca1eb73d7e32b9df9288de593e47052881d4b1e

  • Size

    1.1MB

  • Sample

    230418-p8hfwabe46

  • MD5

    e925bb2ce0f432dd09b05dda6c8801a9

  • SHA1

    e631f5b1cdd3fdaf2fc435cc7b3a667f23fe3b25

  • SHA256

    b0c0344e368a826ec66e6b8a9ca1eb73d7e32b9df9288de593e47052881d4b1e

  • SHA512

    8eeb3edb9266e2a9d5bc45e49e4b02dc1f1453bf13426ea03fe8adf5e6d92179269aa225945fc61496d2f8b79988cdef937a8610e737db6bfccbaec2c5528d8b

  • SSDEEP

    24576:Ky5Aqd9cHkL4/CYvaJK+fbA4VGH47b/MOO0gXf5ZAb8+izXXjR:Rnnykc/JvahfMQu47gOO7Xf54f2

Targets

    • Target

      b0c0344e368a826ec66e6b8a9ca1eb73d7e32b9df9288de593e47052881d4b1e

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
