a125afdece6302fc5b20d303320f050afc1ea234a2b48f34da9b2f2516072f1f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Amadey_1.zip
Size

594KB
Sample

231107-qv4ydsef9x
MD5

2b467297140f3d741c9a03ce819d0b02
SHA1

1ac71b52a0f4f3d453574e615cb315b192b3ed8c
SHA256

a125afdece6302fc5b20d303320f050afc1ea234a2b48f34da9b2f2516072f1f
SHA512

b07b8d848d3e5c1e1f84bd53081dd26403bfaa4d6d1c4f748127e5d0e4c0ce53fc7f659f819d510c41fcf67bd08575a80cdf61066da317c5b2f145a24cbbcf90
SSDEEP

12288:zRdNePO9M2tA1gZ5Tuqq2UEmFQw9YBbT+diTBniQUY0vo4nOOTsZ9rhqlaS:ddw29ffZ5TuhQw9YFiITcJJOOTsbElaS

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  4643d18bb8be79c2e3178bc3978d201c596ab70a347e8cf1e8fdbe3028d69d7c.exe
- Size
  
  1.2MB
- MD5
  
  0111e5a2a49918b9c34cbfbf6380f3f3
- SHA1
  
  81fc519232c0286f5319b35078ac3bb381311bd4
- SHA256
  
  4643d18bb8be79c2e3178bc3978d201c596ab70a347e8cf1e8fdbe3028d69d7c
- SHA512
  
  a2aac32a2c5146dd7287d245bfa9424287bfd12a40825f4da7d18204837242c99d4406428f2361e13c2e4f4d68c385de12e98243cf48bf4c6c5a82273c4467a5
- SSDEEP
  
  24576:RAwtSMdHL4+3MQL+RoZk9LZ/zedfjMTUmXbc5Pf8Vd3rsx:Nc+3MQLQoZyZ/zEfc6P0D
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1