General

  • Target

    File_NewInstall_4455_The_Pa$$word.rar

  • Size

    43.7MB

  • Sample

    230608-yqn1daaf7x

  • MD5

    160eaac54e56d9a3389b3dfae5104f13

  • SHA1

    e5fa4cbc883ce0e68c7e299d0f5a2585eea306cb

  • SHA256

    307e88a3540c6f1a77764affc54feef9d3d1b9012b0c8d21641fa0ef3d7dea5e

  • SHA512

    b9892e4e61e5878492f2fa1c9c9b2512027db2618fd7789a93c6033b2b02e2023587e40382480062e1dfb93dfc13b729ad58f27a3638d7d26f2167fe390cf677

  • SSDEEP

    786432:mgR1KyoaCRxll/yiHRQeumrTC9d6rsXBs2H36n8jAgUl6b5ww1h3Yvj:mgAaATllSIC/6rv+36nrleRFQ

Score
10/10

Malware Config

Targets

    • Target

      installer_2023_35008_8kV-8J1.exe

    • Size

      29.6MB

    • MD5

      dae330ba1c5a687698ec662ba7a71727

    • SHA1

      f8c306294babfe737dd612c9b5abb35e9f73c687

    • SHA256

      f41f9cc12263327a796353cb937900ee525915be48b469111b310d03a6e02e4b

    • SHA512

      52a3b80c8b25df78f8164e5675097aba08fe0a4016c385634a75f985c8a97afef2bce5e99105d8012f3fb7f29a684edf0235093984a17424a3ba5622b9492ffe

    • SSDEEP

      786432:EE8DOhuFl5F78l8gmNJ2LJaAQFVC8dN3iv/tXtUAW:EEwpx8larNYtXt7

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Credential Access     Credentials in Files          1      T1081
Discovery             Query Registry                1      T1012
Discovery             System Information Discovery  2      T1082
Collection            Data from Local System        1      T1005

Tasks