Overview

overview

10

Static

static

3

48bcf2b8e6...9e.exe

windows7-x64

10

48bcf2b8e6...9e.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.zip

  • Size

    299KB

  • Sample

    231119-3gvh1sce99

  • MD5

    4e953965bd4f0fd79d8bcabfe926a330

  • SHA1

    0fa0145baa4153ff94fb29c916c33db8145223c5

  • SHA256

    7a77e4caf16ad0fa76422beb61138b01890c651553a35eaf532ffddb4885e3dd

  • SHA512

    cc89eea8e99eaa8657416f1df74bf6d4f9a09994feab0a2bd57497f92e9c38be832e3a7ed87386b8220ae2759c4d9e3d35dcd367b150942dc3f74a179405ef6d

  • SSDEEP

    6144:dQAsgkNHuPE4sm5ilfg1PfzyfGRyp58BR3GGvsOd/RbUDXUyWshIFcn92LHpNwB:dQAsgmOPE4FaoVWGEp58XL/9cXUyNGgB

Score
10/10
amadeyspywarestealertrojan

Malware Config

Targets

    • Target

      48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe

    • Size

      389KB

    • MD5

      06db095ad745f4d74172f4fba8f3627b

    • SHA1

      ca7b62c845365ba6b89293c58b765ae6e583574f

    • SHA256

      48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e

    • SHA512

      394d58e36537cb2bdfd6ed5c7c0a46a8d07dd9e9c835b8bdf7ee8a7604558a217ec59eca29372cb788ee0a9708a33f2db9c1f78bebda5b799196f712a346a207

    • SSDEEP

      6144:QBILQwvGEKYPrXiR8vXkQlJIX6nIFI9he4jy1JKSH:QBI8wuXCXiRclJ5x9hly1x

    Score
    10/10
    amadeyspywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks