General

  • Target

    7e46d4436b93d1420eeaf0093aea2134.exe

  • Size

    435KB

  • Sample

    231127-srbtjshd51

  • MD5

    7e46d4436b93d1420eeaf0093aea2134

  • SHA1

    f1824d9fa5df628082e108989de4a2f19f9658fd

  • SHA256

    52286333dc380793b2fa162afcbdb93a25372296e6940df42a2b6c99389dc09b

  • SHA512

    c3e67d13d0d398ce55ec8bc5a9775df4608b73d22a9f2305d7bed75f1641fe653310c4b5fc1fbeeb84458f2e82a561361a0d332aff945d42df2ea318ea8136df

  • SSDEEP

    6144:VkucYCuJJRlcmGXTOHgcTzZ8/q29aWVKVM38AnhLKAHqG:V5cYCaJ3cjXcnTzubsG

Malware Config

Extracted

Family

amadey

C2

http://arrunda.ru

http://soetegem.com

http://tceducn.com

Attributes
  • strings_key

    eb714cabd2548b4a03c45f723f838bdc

  • url_paths

    /forum/index.php

  • rc4.plain

Extracted

Family

amadey

Version

4.11

C2

http://shohetrc.com

http://sibcomputer.ru

http://tve-mail.com

Attributes
  • install_dir

    d4dd819322

  • install_file

    Utsysc.exe

  • strings_key

    8419b3024d6f72beef8af6915e592308

  • url_paths

    /forum/index.php

  • rc4.plain
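Both extracted configurations carry a strings_key labelled rc4.plain: Amadey keeps its embedded strings (C2 paths, file names, API names) RC4-encrypted and hex-encoded, and a config extractor recovers them by running RC4 with that key. The block below is an added example written for this page, not code from the report or from the Amadey binary. It assumes the 32-character strings_key is used as the RC4 key in its ASCII form; the ciphertext it decrypts is constructed at runtime by encrypting the url_path from the report, not bytes taken from the sample.

```python
"""RC4 string decryption keyed with the strings_key values from this report.

Added example, not the report's or the malware's code. Assumption: the
32-character strings_key is used as the RC4 key in ASCII form and encrypted
strings are stored hex-encoded. The ciphertext used in demo() is constructed
here by encrypting a known string; it is not extracted from the binary.
"""
from __future__ import annotations

STRINGS_KEYS = {
    "config_1": "eb714cabd2548b4a03c45f723f838bdc",  # first extracted config
    "config_2": "8419b3024d6f72beef8af6915e592308",  # second extracted config, v4.11
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XOR per byte
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_string(strings_key: str, hex_blob: str) -> str:
    """Decode one hex-encoded RC4 ciphertext with the given strings_key."""
    cleaned = hex_blob.strip()
    if len(cleaned) % 2 or not all(c in "0123456789abcdefABCDEF" for c in cleaned):
        raise ValueError("ciphertext is not valid hex")
    plain = rc4(strings_key.encode("ascii"), bytes.fromhex(cleaned))
    # Undecodable bytes usually mean a wrong key or a non-string blob; keep them visible.
    return plain.decode("utf-8", errors="replace")


def encrypt_string(strings_key: str, text: str) -> str:
    """Inverse helper, used here only to construct ciphertext for the demo."""
    return rc4(strings_key.encode("ascii"), text.encode("utf-8")).hex()


def demo() -> dict[str, str]:
    """Round-trip the report's url_path through both extracted keys."""
    results = {}
    for name, key in STRINGS_KEYS.items():
        blob = encrypt_string(key, "/forum/index.php")  # constructed, not from the sample
        results[name] = decrypt_string(key, blob)
    return results


if __name__ == "__main__":
    for name, plain in demo().items():
        print(f"{name}: {plain}")
```

To use this against a real sample, feed `decrypt_string` the hex blobs pulled from the binary's string table; a key from one config will not decrypt strings built with the other, which is why the two configs are listed separately above.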

Targets

    • Target

      7e46d4436b93d1420eeaf0093aea2134.exe

    • Size

      435KB

    • MD5

      7e46d4436b93d1420eeaf0093aea2134

    • SHA1

      f1824d9fa5df628082e108989de4a2f19f9658fd

    • SHA256

      52286333dc380793b2fa162afcbdb93a25372296e6940df42a2b6c99389dc09b

    • SHA512

      c3e67d13d0d398ce55ec8bc5a9775df4608b73d22a9f2305d7bed75f1641fe653310c4b5fc1fbeeb84458f2e82a561361a0d332aff945d42df2ea318ea8136df

    • SSDEEP

      6144:VkucYCuJJRlcmGXTOHgcTzZ8/q29aWVKVM38AnhLKAHqG:V5cYCaJ3cjXcnTzubsG

    • Amadey

      Amadey is a loader-style bot: it collects basic host reconnaissance (computer name, user, OS version, installed antivirus) and reports it to its C2, which can then return follow-on payloads to download and run.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
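The two configurations give six C2 hosts, one beacon path and an install directory/file pair, which is enough to hunt in proxy and process logs. The block below is an added example written for this page, not code from the report or from any sandbox or SIEM product. The log lines are constructed for the demo, and their layouts (space-separated "timestamp src method url status" for the proxy log, "timestamp host image_path" for process creation) are assumptions; adapt the field parsing to your own proxy or Zeek http.log.

```python
"""Hunt for the Amadey indicators in this report in proxy and process logs.

Added example, not the report's code. Log formats below are assumptions and
the log lines are constructed for the demo.
"""
from __future__ import annotations

from urllib.parse import urlsplit

C2_HOSTS = {
    "arrunda.ru", "soetegem.com", "tceducn.com",        # first extracted config
    "shohetrc.com", "sibcomputer.ru", "tve-mail.com",   # second extracted config, v4.11
}
C2_PATH = "/forum/index.php"   # url_paths from both configs
INSTALL_DIR = "d4dd819322"     # install_dir from the v4.11 config
INSTALL_FILE = "utsysc.exe"    # install_file, compared case-insensitively

# Constructed proxy log: timestamp src method url status
PROXY_LOG = """\
2023-11-27T10:01:02Z 10.0.0.12 GET http://www.example.com/index.html 200
2023-11-27T10:01:09Z 10.0.0.12 POST http://arrunda.ru/forum/index.php 200
2023-11-27T10:01:10Z 10.0.0.12 POST http://ARRUNDA.RU:80/forum/index.php 200
2023-11-27T10:01:15Z 10.0.0.12 GET http://tceducn.com/forum/index.php?scr=1 200
2023-11-27T10:02:00Z 10.0.0.31 POST http://shohetrc.com/login/index.php 404
2023-11-27T10:02:30Z 10.0.0.31 POST http://forum.example.org/forum/index.php 200
"""

# Constructed process-creation events: timestamp host image_path
PROCESS_LOG = """\
2023-11-27T10:01:05Z WS-12 C:\\Users\\bob\\AppData\\Local\\Temp\\d4dd819322\\Utsysc.exe
2023-11-27T10:01:06Z WS-12 C:\\Windows\\System32\\schtasks.exe
2023-11-27T10:03:00Z WS-31 C:\\Program Files\\Vendor\\utsysc.exe
"""


def classify_http(url: str) -> str | None:
    """'c2_beacon' for a listed host on the beacon path, 'c2_host' for any other
    request to a listed host, None otherwise. Host match is exact, so a benign
    site that happens to serve /forum/index.php does not fire."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # hostname strips the port and case
    if host not in C2_HOSTS:
        return None
    return "c2_beacon" if parts.path == C2_PATH else "c2_host"


def scan_proxy_log(log: str) -> list[tuple[str, str, str]]:
    """Return (src, host, verdict) for every line touching a known C2 host."""
    hits = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                        # malformed line, skip rather than crash
        _ts, src, _method, url, _status = fields[:5]
        verdict = classify_http(url)
        if verdict:
            hits.append((src, (urlsplit(url).hostname or "").lower(), verdict))
    return hits


def classify_image(path: str) -> str | None:
    """'install_dir_and_file' when the image sits in <install_dir>\\<install_file>,
    'name_only' when just the file name matches (weaker, worth triage), else None."""
    parts = path.replace("/", "\\").lower().split("\\")
    if not parts or parts[-1] != INSTALL_FILE:
        return None
    if len(parts) >= 2 and parts[-2] == INSTALL_DIR:
        return "install_dir_and_file"
    return "name_only"


def scan_process_log(log: str) -> list[tuple[str, str]]:
    """Return (host, verdict) for process images matching the install indicators."""
    hits = []
    for line in log.splitlines():
        fields = line.split(maxsplit=2)     # image path may itself contain spaces
        if len(fields) < 3:
            continue
        _ts, host, image = fields
        verdict = classify_image(image)
        if verdict:
            hits.append((host, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print("proxy  ", hit)
    for hit in scan_process_log(PROCESS_LOG):
        print("process", hit)
```

The host-only verdict is kept separate from the beacon verdict on purpose: a POST to a listed host on an unexpected path still deserves a look (the path can change between builds), while the full host-plus-path match is the high-confidence alert.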

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                 Technique                      ID          Signatures
Execution              Scheduled Task/Job             T1053       1
Persistence            Scheduled Task/Job             T1053       1
Privilege Escalation   Scheduled Task/Job             T1053       1
Credential Access      Unsecured Credentials          T1552       1
Credential Access      Credentials In Files           T1552.001   1
Discovery              System Information Discovery   T1082       1
Collection             Data from Local System         T1005       1
