General
-
Target
e6b5572e56e33102ab37332767d95952_JaffaCakes118
-
Size
124KB
-
Sample
240408-fxbdrahe98
-
MD5
e6b5572e56e33102ab37332767d95952
-
SHA1
5866b15b2985b7f53d1d44d5e6899beb631c15a1
-
SHA256
a92dbfd52b23a42020e4470ffa8b3dd1199acfad7a84dae298a047b904f31710
-
SHA512
1cef3bf717247c87efed9f5467ee733584b83126cf6c18fae6d187a8bb5666ad65dc16f0c93f120ec45362e7f3c0860dd66f6030574faf99f02583253bbfdb34
-
SSDEEP
3072:eeZmogDk+IWT1+LAAUr8SpQMQ2TRvpAlLEE8G9:eeZkgHWmAKcRvml
Malware Config
Targets
-
-
Target
e6b5572e56e33102ab37332767d95952_JaffaCakes118
-
Size
124KB
-
MD5
e6b5572e56e33102ab37332767d95952
-
SHA1
5866b15b2985b7f53d1d44d5e6899beb631c15a1
-
SHA256
a92dbfd52b23a42020e4470ffa8b3dd1199acfad7a84dae298a047b904f31710
-
SHA512
1cef3bf717247c87efed9f5467ee733584b83126cf6c18fae6d187a8bb5666ad65dc16f0c93f120ec45362e7f3c0860dd66f6030574faf99f02583253bbfdb34
-
SSDEEP
3072:eeZmogDk+IWT1+LAAUr8SpQMQ2TRvpAlLEE8G9:eeZkgHWmAKcRvml
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-