General
- Target: a615a94ced394acc56c526658d9fa9bf1276981db488874068d6935a2f797438
- Size: 815KB
- Sample: 230421-x7m9qshe52
- MD5: c0a67ce53275c44de7073c5e4ed75199
- SHA1: 35021d5f1704ca9fd2c4ea66c26a0049d49ce87a
- SHA256: a615a94ced394acc56c526658d9fa9bf1276981db488874068d6935a2f797438
- SHA512: 1d4a15d875675117f264162b9d954b847c3438eed314b625e4fcde5e848f1f6f8a2a83d66aa7f6a0d89b1ef0c74de31ceaef57f33dcaa0a7e2e2a3035978f069
- SSDEEP: 12288:+y90cerTm1imI/HQtK/YOdgWtDZSGzwEF+Fea93inufmqQCgRKM12U6:+yruTmcm0HQ/OKydzRF+YkiyWKM1a
Static task
static1
Malware Config
Targets
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.