amadey | e8911bb8e59c1b64ec8c6867ee2be66ed5b39c584ce80ffbbdf8640ccbcae65b | Triage

Sharing

General

Target

JC_e8911bb8e59c1b64ec8c6867ee2be66ed5b39c584ce80ffbbdf8640ccbcae65b
Size

501KB
Sample

231013-cjmyvacb68
MD5

12552a34cd4b93a238715143ce939456
SHA1

3e2e1ee5df49d85a3eaa11902033d8ed82d7a6d7
SHA256

e8911bb8e59c1b64ec8c6867ee2be66ed5b39c584ce80ffbbdf8640ccbcae65b
SHA512

4e0a05a223a52ecda69f44027fabe5b8e568d155c0064e4b93229df1d6916de3fb9b24003d07b609e3154860c1a635378ef243ae9c9ef1e876b988d79844f64b
SSDEEP

12288:uMGGVrh8GjaqQhqEELp/TUFi93KLlZ/VH:uMGGVrh8GjabhqEELp/oFi94Zt

Score

10^/10

amadey fabookie spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

http://5.42.65.80/8bmeVwqx/index.php

Attributes

install_dir
207aa4515d
install_file
oneetx.exe
strings_key
3e634dd0840c68ae2ced83c2be7bf0d4

rc4.plain

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Targets

- Target
  
  JC_e8911bb8e59c1b64ec8c6867ee2be66ed5b39c584ce80ffbbdf8640ccbcae65b
- Size
  
  501KB
- MD5
  
  12552a34cd4b93a238715143ce939456
- SHA1
  
  3e2e1ee5df49d85a3eaa11902033d8ed82d7a6d7
- SHA256
  
  e8911bb8e59c1b64ec8c6867ee2be66ed5b39c584ce80ffbbdf8640ccbcae65b
- SHA512
  
  4e0a05a223a52ecda69f44027fabe5b8e568d155c0064e4b93229df1d6916de3fb9b24003d07b609e3154860c1a635378ef243ae9c9ef1e876b988d79844f64b
- SSDEEP
  
  12288:uMGGVrh8GjaqQhqEELp/TUFi93KLlZ/VH:uMGGVrh8GjabhqEELp/oFi94Zt
Score

10^/10

amadey fabookie spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyfabookiespywarestealertrojan

behavioral2

amadeyfabookiespywarestealertrojan