General

  • Target

    SecuriteInfo.com.Win32.BotX-gen.6506.3929.exe

  • Size

    355KB

  • Sample

    231114-17dxvagb68

  • MD5

    889f8466ba2f0bb4d5bfb3c9f28fe432

  • SHA1

    3f6f4906676e5a40d38177909cf1f24ed6d30a46

  • SHA256

    75b6b00dcdb1025df8a76e02a7c989b5c6d670e0dcf1737be4f20641b89cde77

  • SHA512

    599ca35ca9be8a8d1a06cf2cdb674d964b1d33348fa0038ee6c83cf58bc2a321648f67d33a908e7bf160c3626ad5ad0c400a34344211a98c3b428cc613a7c0b8

  • SSDEEP

    6144:Yn4AHiIZQ7SPSaEq+Vi28gartWltqIOyTNl9AG0KwePc8fmO7sk8u4:iHimQ7aSankHar+qIOuNylePc8fykd

Malware Config

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks