General

  • Target

    ff625dd0483caccac07b4233e3f8174a2237b8382da090067dc66213f5d9c8f5.zip

  • Size

    293KB

  • Sample

    231119-3vbytscg58

  • MD5

    29e0901c85ea6a0971b8545e114aaeaf

  • SHA1

    b9d2e6eb75ffcc2ca4af48bc781b164ed0f8d389

  • SHA256

    c4a4baca218213238a8836c4525e1443b9d9fbf0b769593cd9afc0fd485ffd86

  • SHA512

    dd8ab907ccaf05e9c728d2384144179881bcf274c082196622bf14f434baa097297c786455b481bec6817e76193e142c8cd98eaa7afc22f39d29c7db45b01563

  • SSDEEP

    6144:flvnpcvYds65TFh2rVT4aWwBeVfW3+/RldtEYJ37dhLNYShgmDiZm7pJTxeOm+Bp:zcvYdFduVT4wUE+/RldfJ37dhuSi4Dpl

Malware Config

Targets

    • Target

      ff625dd0483caccac07b4233e3f8174a2237b8382da090067dc66213f5d9c8f5.exe

    • Size

      393KB

    • MD5

      4a54d5329f830a89bef8f7c9a139a1e7

    • SHA1

      cf1037640f8eff1f57dc39957b45924570e62141

    • SHA256

      ff625dd0483caccac07b4233e3f8174a2237b8382da090067dc66213f5d9c8f5

    • SHA512

      1ac0073d827c2c9959ac92ccd77cab8ad839ae14cb67cd50f34f16e7d2254e1233c89476d94fbb98f4d8fb263f327ed97f7f1e05b7677d4d69a54d825a7d209c

    • SSDEEP

      6144:ELaHncfeWjEWFCLeXVJHjN2Pgi6iTbpht+GSmfJ09FX3N1pvYsS:E+EeWoWFxX7DNsgivTbphNS+JslS

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job, T1053 (1 detection)

  • Persistence

    Scheduled Task/Job, T1053 (1 detection)

  • Privilege Escalation

    Scheduled Task/Job, T1053 (1 detection)

  • Credential Access

    Unsecured Credentials, T1552 (1 detection)

    Credentials In Files, T1552.001 (1 detection)

  • Discovery

    System Information Discovery, T1082 (1 detection)

  • Collection

    Data from Local System, T1005 (1 detection)

Tasks