General

  • Target

    a4528e6b733c6b595e93e3d50fb849edbe9fcd062b65fb2bd4ae5d8d76ac5b76.zip

  • Size

    294KB

  • Sample

    231119-3vbm3acg54

  • MD5

    a6c64b1424ebb0104e2374cb240aeb1d

  • SHA1

    3b8230387bef3634f16d46081ce60acf6a51dc0b

  • SHA256

    3f937c1cb9b4f83396e2d3f5461a083fd537c4c315a236b9925bf95155747320

  • SHA512

    3686615d11de9d8efe8e141260216bf491c9198ce8ba0ba49e5886a64ecc97b822577c51d5a4fe1abf6a469d805a4db273b5702a3897666a8065b8645741514e

  • SSDEEP

    6144:D8Lmu1wIv8spLBpqXkkV/QonVENlfAx429waGmlwoLd:D1uDvlBpq0SQfIwa3Jx

Malware Config

Targets

    • Target

      a4528e6b733c6b595e93e3d50fb849edbe9fcd062b65fb2bd4ae5d8d76ac5b76.exe

    • Size

      394KB

    • MD5

      8910bec70841a3246416820e6b9a299c

    • SHA1

      416388674468211f3fe8b933026507cbe7e4f411

    • SHA256

      a4528e6b733c6b595e93e3d50fb849edbe9fcd062b65fb2bd4ae5d8d76ac5b76

    • SHA512

      c010f036cd51ae3fa69ba5514f729044a60660c17a7b72123e965a19acdf13dc0dff1d2f765502f7f2b9403b621f905162c5e4527d8a00681eb72d9a91566d0b

    • SSDEEP

      6144:qLL+q+uA0685+FQ9DC4qOcLBYEE5lSSQvXtFEUT7EqLG:yqqHATtu9m4iSEMmtFE0

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task/Job             1      T1053
  Persistence           Scheduled Task/Job             1      T1053
  Privilege Escalation  Scheduled Task/Job             1      T1053
  Credential Access     Unsecured Credentials          1      T1552
                        Credentials In Files           1      T1552.001
  Discovery             System Information Discovery   1      T1082
  Collection            Data from Local System         1      T1005