amadey | 48f42120cc5b3683db52663963704e8f0a7d935a2a24e3911e83079fb4f25ff3 | Triage

Sharing

General

Target

427d7fa7985c51a913c88ac92a5df795_JC.exe
Size

610KB
Sample

231013-fk9e1seg31
MD5

427d7fa7985c51a913c88ac92a5df795
SHA1

712e154408f7c3c55b08120b1e729b8bedd29a34
SHA256

48f42120cc5b3683db52663963704e8f0a7d935a2a24e3911e83079fb4f25ff3
SHA512

274e10efd14eb26091b5a59151e47e5a0223add6034fec787057ee697487db3b8c48be405c246db2d6f00674cebea0fd9bd872b5a238466cac0ac84deef836d9
SSDEEP

12288:ERivuoAtJ0Ej5FH3I95Q++qz+oFDtOOafqFAwCCys6+fGvaNB7ZXy+j3jMJW:ERntJPb4fQFvSt6iPyT+fGv6Bd

Score

10^/10

amadey fabookie spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

http://79.137.192.18/9bDc8sQ/index.php

Attributes

install_dir
577f58beff
install_file
yiueea.exe
strings_key
a5085075a537f09dec81cc154ec0af4d

rc4.plain

Extracted

Family

fabookie

C2

http://app.nnnaajjjgc.com/check/safe

Targets

- Target
  
  427d7fa7985c51a913c88ac92a5df795_JC.exe
- Size
  
  610KB
- MD5
  
  427d7fa7985c51a913c88ac92a5df795
- SHA1
  
  712e154408f7c3c55b08120b1e729b8bedd29a34
- SHA256
  
  48f42120cc5b3683db52663963704e8f0a7d935a2a24e3911e83079fb4f25ff3
- SHA512
  
  274e10efd14eb26091b5a59151e47e5a0223add6034fec787057ee697487db3b8c48be405c246db2d6f00674cebea0fd9bd872b5a238466cac0ac84deef836d9
- SSDEEP
  
  12288:ERivuoAtJ0Ej5FH3I95Q++qz+oFDtOOafqFAwCCys6+fGvaNB7ZXy+j3jMJW:ERntJPb4fQFvSt6iPyT+fGv6Bd
Score

10^/10

amadey fabookie spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Fabookie payload
- Fabookie
  Fabookie is facebook account info stealer.
  spyware stealer fabookie
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyfabookiespywarestealertrojan

behavioral2

amadeyfabookiespywarestealertrojan