General
-
Target
8f485437b9956c3867e953f1fd3bc3b2c3ca48bde660def751ac7214a6de7ba1
-
Size
945KB
-
Sample
230421-qq7hqahf6v
-
MD5
71a325b04f0dd8378968bf90e1b4bd13
-
SHA1
213cfeb02c30fbd7e1610ee6786575d05f763fd6
-
SHA256
8f485437b9956c3867e953f1fd3bc3b2c3ca48bde660def751ac7214a6de7ba1
-
SHA512
333ee0433f87b5cfd569716acd70ed6916a95fcc1f6ae313dfb7badcb201fb7286b65dbc8c14cc46e31916c40e54a515d4c6eef9d45351d7ac3676e0d4684296
-
SSDEEP
24576:zy/VkfaK/8/5uk2waapSKqKJ2uLZdQc6J9mb:G/D5uDwVpFJ2e6m
Malware Config
Targets
-
-
Target
8f485437b9956c3867e953f1fd3bc3b2c3ca48bde660def751ac7214a6de7ba1
-
Size
945KB
-
MD5
71a325b04f0dd8378968bf90e1b4bd13
-
SHA1
213cfeb02c30fbd7e1610ee6786575d05f763fd6
-
SHA256
8f485437b9956c3867e953f1fd3bc3b2c3ca48bde660def751ac7214a6de7ba1
-
SHA512
333ee0433f87b5cfd569716acd70ed6916a95fcc1f6ae313dfb7badcb201fb7286b65dbc8c14cc46e31916c40e54a515d4c6eef9d45351d7ac3676e0d4684296
-
SSDEEP
24576:zy/VkfaK/8/5uk2waapSKqKJ2uLZdQc6J9mb:G/D5uDwVpFJ2e6m
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-