Overview

overview

10

Static

static

10

0x00080000...40.dll

windows7-x64

8

0x00080000...40.dll

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x000800000001567f-40.dat

  • Size

    1.2MB

  • Sample

    240316-jd3knsge34

  • MD5

    4876ee75ce2712147c41ff1277cd2d30

  • SHA1

    3733dc92318f0c6b92cb201e49151686281acda6

  • SHA256

    bbfba2d40f48c16a53b5806555c08aff1982c3fe4a77964963edbab9d7e672ed

  • SHA512

    9bf25d4d0dfebd287b0c84abb64612b3db00a26b0217490b35925e77487d6c872632c936cedf1205c46ecbf9d4dfc9bc7600bee05afc550b30ae0d0964c5afe9

  • SSDEEP

    24576:7vkQL6YY4wMPSYZofkf0Gh6Pi41+a9uyP5dggVG+yC7:7sMPSYcS5wPi095PbgcG

Score
10/10
amadeyspywarestealer

Malware Config

Extracted

Family

amadey

Version

4.18

Attributes
  • strings_key

    2cd47fa043c815e1a033c67832f3c6a5

  • url_paths

    /j4Fvskd3/index.php

rc4.plain

Targets

    • Target

      0x000800000001567f-40.dat

    • Size

      1.2MB

    • MD5

      4876ee75ce2712147c41ff1277cd2d30

    • SHA1

      3733dc92318f0c6b92cb201e49151686281acda6

    • SHA256

      bbfba2d40f48c16a53b5806555c08aff1982c3fe4a77964963edbab9d7e672ed

    • SHA512

      9bf25d4d0dfebd287b0c84abb64612b3db00a26b0217490b35925e77487d6c872632c936cedf1205c46ecbf9d4dfc9bc7600bee05afc550b30ae0d0964c5afe9

    • SSDEEP

      24576:7vkQL6YY4wMPSYZofkf0Gh6Pi41+a9uyP5dggVG+yC7:7sMPSYcS5wPi095PbgcG

    Score
    8/10
    spywarestealer

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks