amadey | 2e976baf097df5f017d2ed15f3456345d0180afbf5910432d7629a29fdf75fef | Triage

Sharing

General

Target

2e976baf097df5f017d2ed15f3456345d0180afbf5910432d7629a29fdf75fefexe_JC.exe
Size

2.3MB
Sample

230802-vd3ffsha3t
MD5

adb7d29709bbc6b756cca7b7dda5658e
SHA1

41487c37e04720a70d6f2c467aaacbf999e11bd5
SHA256

2e976baf097df5f017d2ed15f3456345d0180afbf5910432d7629a29fdf75fef
SHA512

f0562cac20ac06a5c2c3f674b02aaf1dab97556f69fa759a410c1618945c89b15c0e49473fe269c13b6fbe133418c77a041857e0fcd0a3d4c6fc1f4aa2b02ff4
SSDEEP

24576:mxltyHQflUh/U5owayCu20tjmbCgCQtAERGsUdMhlh:mxbflOadltgCQsrMhX

Score

10^/10

amadey spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

45.9.74.182/b7djSDcPcZ/index.php

Targets

- Target
  
  2e976baf097df5f017d2ed15f3456345d0180afbf5910432d7629a29fdf75fefexe_JC.exe
- Size
  
  2.3MB
- MD5
  
  adb7d29709bbc6b756cca7b7dda5658e
- SHA1
  
  41487c37e04720a70d6f2c467aaacbf999e11bd5
- SHA256
  
  2e976baf097df5f017d2ed15f3456345d0180afbf5910432d7629a29fdf75fef
- SHA512
  
  f0562cac20ac06a5c2c3f674b02aaf1dab97556f69fa759a410c1618945c89b15c0e49473fe269c13b6fbe133418c77a041857e0fcd0a3d4c6fc1f4aa2b02ff4
- SSDEEP
  
  24576:mxltyHQflUh/U5owayCu20tjmbCgCQtAERGsUdMhlh:mxbflOadltgCQsrMhX
Score

10^/10

amadey spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyspywarestealertrojan

behavioral2

amadeyspywarestealertrojan