General

Target: 468033c2e6a98660cda4376fa7b2b95c.exe
Size: 436KB
Sample: 231127-sqrhlshd5v
MD5: 468033c2e6a98660cda4376fa7b2b95c
SHA1: 340529da72ad4aad5896cfdbd49d293028eb96d5
SHA256: b70d16a1fda7970ec06e9250b6215062d4a77b7c3bf52a75195ba8cce285643b
SHA512: 25581dcb6f731eccece7604b0d5410c356144b6886e8a344fd6891ec9544994e8279ee35d5b8f7f1cc7911cd7073f4ef6917ffb820effc48b4bb0af6f0318342
SSDEEP: 6144:KCS/nm7QpasI425Jyuu2LwKAFqfKxyiM0MxYhLcgvR:KCmsQpiufqfqTS
Static task: static1
Behavioral task: behavioral1
Sample: 468033c2e6a98660cda4376fa7b2b95c.exe
Resource: win7-20231020-en
Malware Config

Extracted: amadey
C2: http://arrunda.ru, http://soetegem.com, http://tceducn.com
strings_key: eb714cabd2548b4a03c45f723f838bdc
url_paths: /forum/index.php

Extracted: amadey
Version: 4.11
C2: http://shohetrc.com, http://sibcomputer.ru, http://tve-mail.com
install_dir: d4dd819322
install_file: Utsysc.exe
strings_key: 8419b3024d6f72beef8af6915e592308
url_paths: /forum/index.php
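The extracted configs above give a practitioner two kinds of indicators to hunt with: the six C2 hosts plus the /forum/index.php check-in path, and the install directory and file name the second config drops to. The script below turns both into matchers and runs them over constructed proxy log lines and process-creation events. It is an added example, not part of the sandbox report or of Amadey itself. The host names, path, install_dir and install_file are taken from the report; everything else is an assumption: the proxy log line format, the sample log lines and process events (constructed here), the reason labels, and the treatment of a request to the url_paths entry on a listed host as a check-in (the report lists the path only as url_paths, not as a beacon).

```python
"""Hunt for the Amadey indicators extracted above (added example)."""
import re
from urllib.parse import urlsplit

# C2 hosts and check-in path from the two extracted configs (from the report).
AMADEY_C2_HOSTS = frozenset({
    "arrunda.ru", "soetegem.com", "tceducn.com",      # first config
    "shohetrc.com", "sibcomputer.ru", "tve-mail.com", # second config (4.11)
})
AMADEY_URL_PATH = "/forum/index.php"

# Install location from the second config (from the report). The parent
# directory (e.g. %TEMP%) is not given there, so matching is done on the
# trailing <install_dir>\<install_file> components only.
INSTALL_DIR = "d4dd819322"
INSTALL_FILE = "Utsysc.exe"


def match_c2_request(method, url):
    """Return a reason string if the URL targets a listed C2 host, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in AMADEY_C2_HOSTS:
        return None  # the path alone is too generic to alert on
    if parts.path == AMADEY_URL_PATH:
        return f"amadey-c2-checkin host={host} method={method.upper()}"
    return f"amadey-c2-host host={host} path={parts.path}"


# Assumed proxy log layout (constructed): "<ts> <src_ip> <METHOD> <url> <status>"
PROXY_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Return (line_no, src_ip, reason) for every line that hits a C2 indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line; skip rather than crash
        reason = match_c2_request(m["method"], m["url"])
        if reason:
            hits.append((n, m["src"], reason))
    return hits


def match_dropped_exe(image_path):
    """Match the install_dir\\install_file pair, or the file name alone (weaker)."""
    parts = image_path.replace("/", "\\").lower().split("\\")
    name = parts[-1] if parts else ""
    parent = parts[-2] if len(parts) >= 2 else ""
    if name == INSTALL_FILE.lower() and parent == INSTALL_DIR.lower():
        return "amadey-install-path"
    if name == INSTALL_FILE.lower():
        return "amadey-install-filename"
    return None


def scan_process_events(events):
    """Return (pid, reason) for process-creation events whose image matches."""
    hits = []
    for ev in events:
        reason = match_dropped_exe(ev["image"])
        if reason:
            hits.append((ev["pid"], reason))
    return hits


# Constructed sample data; line 4 shows the generic path on an unlisted host
# (no alert) and the third event shows the file name outside install_dir.
PROXY_LOG = """\
2023-11-27T12:00:01Z 10.0.0.15 POST http://arrunda.ru/forum/index.php 200
2023-11-27T12:00:02Z 10.0.0.15 GET http://example.com/index.html 200
2023-11-27T12:00:09Z 10.0.0.22 GET http://tve-mail.com/some/other.bin 200
2023-11-27T12:00:11Z 10.0.0.31 GET http://forum.example.org/forum/index.php 200
"""
PROCESS_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\d4dd819322\Utsysc.exe"},
    {"pid": 4188, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4201, "image": r"C:\Users\victim\Downloads\Utsysc.exe"},
]

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG.splitlines()):
        print("proxy", *hit)
    for hit in scan_process_events(PROCESS_EVENTS):
        print("process", *hit)
```

The host check is applied before the path check on purpose: /forum/index.php is a common path on legitimate sites, so alerting on it alone would be noisy, whereas any request to one of the listed hosts is worth a look even when the path differs. The file-name-only match is reported with a weaker label because an attacker can rename the dropped file while keeping the directory name, and vice versa.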
Targets

Target: 468033c2e6a98660cda4376fa7b2b95c.exe
Size: 436KB
MD5: 468033c2e6a98660cda4376fa7b2b95c
SHA1: 340529da72ad4aad5896cfdbd49d293028eb96d5
SHA256: b70d16a1fda7970ec06e9250b6215062d4a77b7c3bf52a75195ba8cce285643b
SHA512: 25581dcb6f731eccece7604b0d5410c356144b6886e8a344fd6891ec9544994e8279ee35d5b8f7f1cc7911cd7073f4ef6917ffb820effc48b4bb0af6f0318342
SSDEEP: 6144:KCS/nm7QpasI425Jyuu2LwKAFqfKxyiM0MxYhLcgvR:KCmsQpiufqfqTS
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL