General

  • Target

    96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8

  • Size

    1.2MB

  • Sample

    240323-jd8fxshc5v

  • MD5

    64a2b1b0c4921cb0bc9ae9dc27c49f11

  • SHA1

    098d64e35f507149eba7b0f3b31334f31bf96eca

  • SHA256

    96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8

  • SHA512

    47acda42907a551858612ad561b2e9d228c4646c1755fe90d6c590b0eaa9b45e33980cba59698a9b8cb9f8478d49041b6eaac1a864e79de6dd1447e14483a69a

  • SSDEEP

    24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://194.87.71.43

Attributes
  • strings_key

    5f3718fed2ec5572d2ce198260ba7912

  • url_paths

    /g9jjjbnAdshZ/index.php

rc4.plain

Targets

    • Target

      96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8

    • Size

      1.2MB

    • MD5

      64a2b1b0c4921cb0bc9ae9dc27c49f11

    • SHA1

      098d64e35f507149eba7b0f3b31334f31bf96eca

    • SHA256

      96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8

    • SHA512

      47acda42907a551858612ad561b2e9d228c4646c1755fe90d6c590b0eaa9b45e33980cba59698a9b8cb9f8478d49041b6eaac1a864e79de6dd1447e14483a69a

    • SSDEEP

      24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3

    Score
    8/10
    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks