amadey | 8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23
Size

356KB
Sample

231004-yxp61sgf85
MD5

3ef6d0d9ca0bc4b00d304ee370853a4c
SHA1

a188652de504e6e53a0f1560fcdd315a409d1ad1
SHA256

8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23
SHA512

42b7375dca8da5c1cfa65bc0b8aef15155a5fea8ef1199ea0cd874693b3bd98d01d4cb4b38ed0fd7ef549ad8121ceea6c1d6c462d757793e3f21ceea0fcfbc5b
SSDEEP

6144:rUyuwgfYypdScEGyH2VXisEYvo1JwgeDsizp7qdq:rUyuwgfYgSiyWVXzEYvoXwgeDseH

Score

10^/10

amadey fabookie evasion spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23.exe

Resource

win10-20230915-en

amadey fabookie evasion spyware stealer trojan upx

windows10-1703-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://193.42.32.29/9bDc8sQ/index.php

Attributes

install_dir
1ff8bec27e
install_file
nhdues.exe
strings_key
2efe1b48925e9abf268903d42284c46b

rc4.plain

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Targets

- Target
  
  8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23
- Size
  
  356KB
- MD5
  
  3ef6d0d9ca0bc4b00d304ee370853a4c
- SHA1
  
  a188652de504e6e53a0f1560fcdd315a409d1ad1
- SHA256
  
  8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23
- SHA512
  
  42b7375dca8da5c1cfa65bc0b8aef15155a5fea8ef1199ea0cd874693b3bd98d01d4cb4b38ed0fd7ef549ad8121ceea6c1d6c462d757793e3f21ceea0fcfbc5b
- SSDEEP
  
  6144:rUyuwgfYypdScEGyH2VXisEYvo1JwgeDsizp7qdq:rUyuwgfYgSiyWVXzEYvoXwgeDseH
Score

10^/10

amadey fabookie evasion spyware stealer trojan upx
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

amadeyfabookieevasionspywarestealertrojanupx

© 2018-2025

Terms | Privacy