amadey | cfa888e64110e06bbe0d79f2664f048d6eee82a2278dff86c21e1ae6bb6b51f5 | Triage

Sharing

General

Target

2228e230da3c69acba17d21614710ed7.bin
Size

482KB
Sample

231226-bly88aahc9
MD5

2228e230da3c69acba17d21614710ed7
SHA1

d393023a13d593b78a39ffddf13de02dd4f969d7
SHA256

cfa888e64110e06bbe0d79f2664f048d6eee82a2278dff86c21e1ae6bb6b51f5
SHA512

3c79c9a56185c2019c844e2b6c731eac268567c6ac962e8e5e316cc0532f971e327c8236e7866ffedb41d001edb5e7d5969b353e270e995c1a5af5db007fa7c4
SSDEEP

12288:H+dGf/lHLV+p1VBxjTOYzHHYbkoYDK8kpDpD5fdMV:edUdkn5TOcnYbkK8kpDpD5f

Score

10^/10

amadey spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.14

C2

http://anfesq.com

http://cbinr.com

http://rimakc.ru

Attributes

install_dir
68fd3d7ade
install_file
Utsysc.exe
strings_key
27ec7fd6f50f63b8af0c1d3deefcc8fe
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  2228e230da3c69acba17d21614710ed7.bin
- Size
  
  482KB
- MD5
  
  2228e230da3c69acba17d21614710ed7
- SHA1
  
  d393023a13d593b78a39ffddf13de02dd4f969d7
- SHA256
  
  cfa888e64110e06bbe0d79f2664f048d6eee82a2278dff86c21e1ae6bb6b51f5
- SHA512
  
  3c79c9a56185c2019c844e2b6c731eac268567c6ac962e8e5e316cc0532f971e327c8236e7866ffedb41d001edb5e7d5969b353e270e995c1a5af5db007fa7c4
- SSDEEP
  
  12288:H+dGf/lHLV+p1VBxjTOYzHHYbkoYDK8kpDpD5fdMV:edUdkn5TOcnYbkK8kpDpD5f
Score

10^/10

amadey spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyspywarestealertrojan

behavioral2

amadeyspywarestealertrojan