General

  • Target

    NEAS.ef63c97f703ba796c336fcf6824b2400.exe

  • Size

    354KB

  • Sample

    231117-x3bp5sdb33

  • MD5

    ef63c97f703ba796c336fcf6824b2400

  • SHA1

    69b63ef20df1f2243a2a5c6eba2663d3eb4773bb

  • SHA256

    6d3cd39358c91c56b4798b64c73f03e3877a80dffe01d07e2ad13e979e845ed0

  • SHA512

    b934d518b96b5a7ef4ef025cac7637f3239123385949852d0e7f60af4aa812ddd08ff77a253f428359d730f163bcbedf25e9cd42347a547e3937b9ba15b19e6a

  • SSDEEP

    6144:tAafHjoxb3mh2gCbhs4hxehhWrv0b6VKWUvjJuM:LHjomC1bxei1dk0

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
