amadey | 96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8 | Triage

Sharing

General

Target

96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8.exe
Size

1.2MB
Sample

240324-c7jw4abc81
MD5

64a2b1b0c4921cb0bc9ae9dc27c49f11
SHA1

098d64e35f507149eba7b0f3b31334f31bf96eca
SHA256

96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8
SHA512

47acda42907a551858612ad561b2e9d228c4646c1755fe90d6c590b0eaa9b45e33980cba59698a9b8cb9f8478d49041b6eaac1a864e79de6dd1447e14483a69a
SSDEEP

24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3

Score

10^/10

amadey spyware stealer

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://194.87.71.43

Attributes

strings_key
5f3718fed2ec5572d2ce198260ba7912
url_paths
/g9jjjbnAdshZ/index.php

rc4.plain

Targets

- Target
  
  96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8.exe
- Size
  
  1.2MB
- MD5
  
  64a2b1b0c4921cb0bc9ae9dc27c49f11
- SHA1
  
  098d64e35f507149eba7b0f3b31334f31bf96eca
- SHA256
  
  96be92bdf278d2ec0a161583dab604f4ce741fe3fbcd78d2e9cd0b5ed19905b8
- SHA512
  
  47acda42907a551858612ad561b2e9d228c4646c1755fe90d6c590b0eaa9b45e33980cba59698a9b8cb9f8478d49041b6eaac1a864e79de6dd1447e14483a69a
- SSDEEP
  
  24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2