General
-
Target
f8e0ece0ff3a16a06fd53e8855b422bf3b2ced48d3facfd954526b1c6b6a42a6
-
Size
778KB
-
Sample
231121-bx3qsabd56
-
MD5
5ec105a970496fb51f79d941c955384e
-
SHA1
a353128622b5fea6411f704ec9e0d59c6bca328e
-
SHA256
f8e0ece0ff3a16a06fd53e8855b422bf3b2ced48d3facfd954526b1c6b6a42a6
-
SHA512
81cf888bc67c5ae87b6c5bbfe6273bb8e2f838a5371f4942913c23ae224552207abe152a8dba90d61689b381e9b0600904233e8aa2f39f4d29fe92bfa022fcb5
-
SSDEEP
24576:k7+zKTgqQCKQxXPzA8yxsNl9FhdZyjJzp2SrqR2Y8L+urE3N3eYlOfom0:kjuI3Nujwx
Malware Config
Targets
-
-
Target
f8e0ece0ff3a16a06fd53e8855b422bf3b2ced48d3facfd954526b1c6b6a42a6
-
Size
778KB
-
MD5
5ec105a970496fb51f79d941c955384e
-
SHA1
a353128622b5fea6411f704ec9e0d59c6bca328e
-
SHA256
f8e0ece0ff3a16a06fd53e8855b422bf3b2ced48d3facfd954526b1c6b6a42a6
-
SHA512
81cf888bc67c5ae87b6c5bbfe6273bb8e2f838a5371f4942913c23ae224552207abe152a8dba90d61689b381e9b0600904233e8aa2f39f4d29fe92bfa022fcb5
-
SSDEEP
24576:k7+zKTgqQCKQxXPzA8yxsNl9FhdZyjJzp2SrqR2Y8L+urE3N3eYlOfom0:kjuI3Nujwx
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-