amadey | d248640a7f0fd387d074869ef8830793b4a47c40a34d38cf0d6a2b308c25090c | Triage

Sharing

General

Target

d248640a7f0fd387d074869ef8830793b4a47c40a34d38cf0d6a2b308c25090c
Size

344KB
Sample

240305-zp1hfshb2z
MD5

59c7a96b347bed60b399c35db32e371b
SHA1

08375ff4c38eee06dc38b22a55b7e69e8c7c91bc
SHA256

d248640a7f0fd387d074869ef8830793b4a47c40a34d38cf0d6a2b308c25090c
SHA512

3bb913637e247be59c0582cd3466b4ff7c72e7c83c77b1c358befc0e5cc745af3931aa667a9faa19a3b7d32a22cd4c9b08eaee4c4f71cd7cd8794eb13e08dcfd
SSDEEP

6144:ejb6cDEikH89AO/+YDh7SOIuYSh99YH2ozmK:+bz5kHEjIuiRD

Score

10^/10

amadey spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.14

C2

http://anfesq.com

http://cbinr.com

http://rimakc.ru

Attributes

install_dir
68fd3d7ade
install_file
Utsysc.exe
strings_key
27ec7fd6f50f63b8af0c1d3deefcc8fe
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  d248640a7f0fd387d074869ef8830793b4a47c40a34d38cf0d6a2b308c25090c
- Size
  
  344KB
- MD5
  
  59c7a96b347bed60b399c35db32e371b
- SHA1
  
  08375ff4c38eee06dc38b22a55b7e69e8c7c91bc
- SHA256
  
  d248640a7f0fd387d074869ef8830793b4a47c40a34d38cf0d6a2b308c25090c
- SHA512
  
  3bb913637e247be59c0582cd3466b4ff7c72e7c83c77b1c358befc0e5cc745af3931aa667a9faa19a3b7d32a22cd4c9b08eaee4c4f71cd7cd8794eb13e08dcfd
- SSDEEP
  
  6144:ejb6cDEikH89AO/+YDh7SOIuYSh99YH2ozmK:+bz5kHEjIuiRD
Score

10^/10

amadey spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyspywarestealertrojan

behavioral2

amadeyspywarestealertrojan