General
-
Target
tmp
-
Size
471KB
-
Sample
231202-fy356aab24
-
MD5
d04ed77603a9ecd1021a3cc904b77b7d
-
SHA1
1af40b938bf0827bcf4f4dba0259d7a07d5b3afd
-
SHA256
699086fe7458c741e38ee637ce391594ddb34a20f21340edb93c2818841607bc
-
SHA512
658e33e4c09325331f32ce7e84eed4f7e0460e9d1dc2cf4246ee71d083b7f617336ed72e652cfd84f665f21276580611fbd5189a950dcdca5413b001a1bd4c68
-
SSDEEP
12288:c5gKgE7sQfGewA1z0ESCCprv4spFDm9oBq6II:cOjfQfGeHB0EN8vPpFa9oB7II
Malware Config
Extracted
amadey
http://77.91.76.37
-
strings_key
c736fd5bdd26ef77013837dee2004742
-
url_paths
/g8samsA2/index.php
Extracted
amadey
4.13
http://77.91.76.37
-
install_dir
c508585d38
-
install_file
Utsysc.exe
-
strings_key
c736fd5bdd26ef77013837dee2004742
-
url_paths
/g8samsA2/index.php
Targets
-
-
Target
tmp
-
Size
471KB
-
MD5
d04ed77603a9ecd1021a3cc904b77b7d
-
SHA1
1af40b938bf0827bcf4f4dba0259d7a07d5b3afd
-
SHA256
699086fe7458c741e38ee637ce391594ddb34a20f21340edb93c2818841607bc
-
SHA512
658e33e4c09325331f32ce7e84eed4f7e0460e9d1dc2cf4246ee71d083b7f617336ed72e652cfd84f665f21276580611fbd5189a950dcdca5413b001a1bd4c68
-
SSDEEP
12288:c5gKgE7sQfGewA1z0ESCCprv4spFDm9oBq6II:cOjfQfGeHB0EN8vPpFa9oB7II
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-