amadey | 9a992de6256ebd4206d07cc5916011ef631d9798161de0a05ff1c114bbf241d7 | Triage

Sharing

General

Target

SecuriteInfo.com.BScope.Backdoor.Farfli.2656.4301.exe
Size

3.0MB
Sample

240129-ct5lmsfgg3
MD5

3eedb7ab4ab81081e6fe25b117d4698c
SHA1

20540442599ee9f254f3b7adfe116c2890cd227d
SHA256

9a992de6256ebd4206d07cc5916011ef631d9798161de0a05ff1c114bbf241d7
SHA512

5e1426b420c647bed333235763517d91aa6f8b19e52b4d100bb2ad8f1024592e1e82b4c15ed2b4275258fca99b2a71b740c2551200973dbb31bbf7343fd2b58d
SSDEEP

49152:ehsWom5L52gTmt+XMnJO39/34+DCTeenrfQpGHu4HSZWYExaO3s45O7ZdyAbm5NQ:eyPi2gTmtyMJO9/o2CFnTQ2jyZWYExaq

Score

10^/10

amadey spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://5.42.66.29

Attributes

install_dir
f60f0ba310
install_file
Dctooux.exe
strings_key
f34f781563773d1d56ad6459936524d1
url_paths
/b9djjcaSed/index.php

rc4.plain

Targets

- Target
  
  SecuriteInfo.com.BScope.Backdoor.Farfli.2656.4301.exe
- Size
  
  3.0MB
- MD5
  
  3eedb7ab4ab81081e6fe25b117d4698c
- SHA1
  
  20540442599ee9f254f3b7adfe116c2890cd227d
- SHA256
  
  9a992de6256ebd4206d07cc5916011ef631d9798161de0a05ff1c114bbf241d7
- SHA512
  
  5e1426b420c647bed333235763517d91aa6f8b19e52b4d100bb2ad8f1024592e1e82b4c15ed2b4275258fca99b2a71b740c2551200973dbb31bbf7343fd2b58d
- SSDEEP
  
  49152:ehsWom5L52gTmt+XMnJO39/34+DCTeenrfQpGHu4HSZWYExaO3s45O7ZdyAbm5NQ:eyPi2gTmtyMJO9/o2CFnTQ2jyZWYExaq
Score

10^/10

amadey trojan spyware stealer
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadeyspywarestealertrojan