General

  • Target

    7641c8716c89830b2b05ef92da76bbb5df735ab1190d3e1c9a885659e36dd870.zip

  • Size

    294KB

  • Sample

    231119-2dlw2acd22

  • MD5

    f1b250c157ca7b7d723021c82bc5c535

  • SHA1

    3fe93699c2d7de5bbc05d3b828773f5de3d2e787

  • SHA256

    b23bd9b6a18889e52ca6109ba752dc0e3f0f401d96f0b55d17b3778316e21a81

  • SHA512

    b2ac4ce52d9e7344251b853449d41defcd187d13f243cf1bb3ea2f38ce057f93f4473ed955d543bf079851af485b41e7822ed80c56726accff803259c9b0291d

  • SSDEEP

    6144:ebIl7+S1bM/HI8Pmr0q6fG5lrKVwDVGOqgdzDQH7RGKJyQ5:8IMSJCrPmQq6filrdD0BgdQFGKJyg

Targets

    • Target

      7641c8716c89830b2b05ef92da76bbb5df735ab1190d3e1c9a885659e36dd870.exe

    • Size

      395KB

    • MD5

      07ed9e086474d0f8d70dfb2ca9c27904

    • SHA1

      400e90f6b7396e1d9a72d379ae97f64c01c5c908

    • SHA256

      7641c8716c89830b2b05ef92da76bbb5df735ab1190d3e1c9a885659e36dd870

    • SHA512

      3bd8e9c119dc8a9996460c08a9afd2ccd643cc609e473f7e3c6fa51f5758429fdf4331c5dc2e953690ea0649d20020bd7a4de77a17f8f6f47e1624589ddf39de

    • SSDEEP

      6144:zbL92a91LVTPQBA/JlyP0oa9Gd+5ggDznzpvjxf8Py:npLLVToBA/be0/2e9DJvjS

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.
