General
- Target: 7b378239ecd619d89249ad94f8d420996b4fe2f7e041f036fe43d6c5ec5d902d
- Size: 808KB
- Sample: 230421-r63edagb52
- MD5: 65b3587d02c6b54e30909e538ebb9161
- SHA1: 0a35dd8259f57eaa6b36a2ca0b2d85ab63fc781a
- SHA256: 7b378239ecd619d89249ad94f8d420996b4fe2f7e041f036fe43d6c5ec5d902d
- SHA512: 39c27b025d6033d420f9cb283a57c2eebede55d7d3d75e813fdefdb20871cc87cb8bf8909d5ae71dd90941922f1ac407369b0a803f831a09e91443266e004933
- SSDEEP: 12288:ly90TJtiapVTNrPtoEGJwmN1RPwMwE2K8xV9umw5vbBBUG2YgfvxtoEwH/nt3s:lyatloEC17wlFw5vbBx2Ym5RwH/nt3s
Static task: static1

Malware Config
Targets
- Target: 7b378239ecd619d89249ad94f8d420996b4fe2f7e041f036fe43d6c5ec5d902d
- Size: 808KB
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.