General

  • Target

    ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe.zip

  • Size

    292KB

  • Sample

    231119-3gvtsacf23

  • MD5

    e490d46db488f9ef207a37ef7e64dd8e

  • SHA1

    6979d9d2c69d3e24e90d042267d95d6b891ce088

  • SHA256

    69ac00a68086e976d788170ec04ed3aa4cba4073ec7943992cb1c0a97aa376df

  • SHA512

    bd72476fa7add8ff715e8dac2dc6597ea9876298350c517b0228088e191f62978e320822cd2e5986cd33015f62e5dc7d851c9d8409b9a858783f9d1634ce9530

  • SSDEEP

    6144:vFcm636ChpH3I5fyk3g0MmxrbWK1+6yJhCIqRzoouDJpwM7i/:eqIJ3iB3gzmdz+RCn0VDJpv7U

Malware Config

Targets

    • Target

      ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe.exe

    • Size

      386KB

    • MD5

      3e368055148cb6a46d2c37c22e7b6d7c

    • SHA1

      5ff4a741c50a7ba749db056f6c8576e1c9f07a93

    • SHA256

      ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe

    • SHA512

      82445e8c8409817dfa3ffa699a42a0f6449c0377d7729238a86f4d3fe86fc60da2d34c80d720b86dab20f072281a0ad52b159335d33fb9e893fbf37000b06429

    • SSDEEP

      6144:CoLwV/vaoA4iuDorUhN0cTV06WCKRkqGxT68JmFc56:Co0V/ziMLhNZ6kiFGE8JmFS

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information about the infected host; it is also commonly used as a loader for additional payloads, which matches the download-and-execute signatures in this report.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the malware does not run on hosts in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
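The behaviour signatures above are the sandbox's own labels; the script below is an added example (not the sandbox's rule set and not the recorded trace of this sample) showing how such labels can be derived from raw events. It assumes the location check reads the Geo\Nation value under HKCU\Control Panel\International, that images executing from %TEMP% or %APPDATA% count as "dropped", and a small local blocklist of LOLBins; the event trace it runs over is constructed for illustration.

```python
"""Added example: map constructed sandbox-style events to the behaviour
signatures listed in this report. The events and the rules below are
constructed for illustration; they are not the sandbox's own rules or the
recorded trace of this sample."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Target file name taken from the report above.
SAMPLE = "ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe.exe"


@dataclass(frozen=True)
class Event:
    kind: str            # "registry", "file", "process", "imageload", "network"
    process: str         # image name of the process performing the action
    detail: str          # registry key, file path, created image path, or URL
    data: bytes = b""    # for network events: first bytes of the response body


# Assumption: the location check reads the Geo\Nation value under
# HKCU\Control Panel\International (where Windows stores the user's region).
GEO_KEY = re.compile(r"\\control panel\\international\\geo", re.I)
# Chromium "Login Data"/"Cookies"/"Web Data" and Firefox "logins.json"/"key4.db"
# hold saved credentials, cookies and autofill data.
BROWSER_DATA = re.compile(r"\\(login data|cookies|web data|logins\.json|key4\.db)$", re.I)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: anything executing out of %TEMP% or %APPDATA% counts as "dropped".
DROP_DIR = re.compile(r"\\appdata\\(local\\temp|roaming)\\", re.I)
# Assumption: a small local blocklist of LOLBins that should not talk to the network.
BLOCKLISTED = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}


def classify(ev: Event) -> Optional[str]:
    """Return the report signature name an event matches, or None."""
    if ev.kind == "registry" and GEO_KEY.search(ev.detail):
        return "Checks computer location settings"
    if (ev.kind == "file" and BROWSER_DATA.search(ev.detail)
            and ev.process.lower() not in BROWSERS):
        return "Reads user/profile data of web browsers"
    if (ev.kind == "process" and DROP_DIR.search(ev.detail)
            and ev.detail.lower().endswith(".exe")):
        return "Executes dropped EXE"
    if (ev.kind == "imageload" and DROP_DIR.search(ev.detail)
            and ev.detail.lower().endswith(".dll")):
        return "Loads dropped DLL"
    if ev.kind == "network":
        if ev.data.startswith(b"MZ"):          # DOS header of a PE file
            return "Downloads MZ/PE file"
        if ev.process.lower() in BLOCKLISTED:
            return "Blocklisted process makes network request"
    return None


def triage(events: List[Event]) -> Dict[str, List[Event]]:
    """Group events by the signature they trigger; unmatched events are dropped."""
    hits: Dict[str, List[Event]] = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev)
    return hits


# Constructed trace (not the sandbox's recording of this sample).
TEMP = r"C:\Users\user\AppData\Local\Temp"
CHROME = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    Event("registry", SAMPLE, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("network", SAMPLE, "http://example.invalid/plugin.exe", b"MZ\x90\x00\x03"),
    Event("process", SAMPLE, TEMP + r"\plugin.exe"),
    Event("imageload", "plugin.exe", TEMP + r"\helper.dll"),
    Event("file", "plugin.exe", CHROME + r"\Login Data"),
    Event("file", "chrome.exe", CHROME + r"\Login Data"),   # the browser itself: benign
    Event("network", "rundll32.exe", "http://example.invalid/ping", b"ok"),
    Event("registry", SAMPLE, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]

if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    {ev.process} -> {ev.detail}")
```

The browser-data rule deliberately excludes the browsers themselves, since Chrome reading its own Login Data is normal; the signal is a non-browser process (here the dropped plugin.exe) opening that file. Real sandbox rules are broader than this, but the shape is the same: each signature is a predicate over one or a few events, and the report is the set of predicates that fired.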

MITRE ATT&CK Enterprise v15
