General

  • Target

    b6d627dcf04d04889b1f01a14ec12405.exe

  • Size

    307KB

  • Sample

    231031-hzcqpshb81

  • MD5

    b6d627dcf04d04889b1f01a14ec12405

  • SHA1

    f7292c3d6f2003947cc5455b41df5f8fbd14df14

  • SHA256

    9da10d7b75c589f06f1758ed8e3c0335b9a738d0ad1317c48e380bca768bdddf

  • SHA512

    1eef46fcb568049edad6a6dac0ce6532185f15d2b4f9939853226a4f24e0732f637951c98f580efdb98ef396d3f4d9846bccffa22c0309b455432c98292af937

  • SSDEEP

    6144:G77rhGafhHSBwHRqGJbdbZI44SGe4s8Lu67rvAOveiZavLb:G7rRSSHRnJfIrscu67TZhavL

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
