Overview

overview

10

Static

static

10

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e59d0159d8a8d384fbce181d6391c6595546a151e178d791618c54214a80ab9

  • Size

    1.2MB

  • Sample

    240526-qh8e2sgf35

  • MD5

    f20dd15a327c9b35d8c0b19a66db9eab

  • SHA1

    d37c28a6693ae4d52e9b3c4513951cdf7400e14e

  • SHA256

    0e59d0159d8a8d384fbce181d6391c6595546a151e178d791618c54214a80ab9

  • SHA512

    4ad7281cac54e4a631890ff6f828ced10ac85b4bb7263f5f61892be02cc4f1df1f292e2dcccd365df42d76db7a856eee2f921be53804bea917a569256a03fad3

  • SSDEEP

    24576:68kQG6YY4wKuSYZofkNLu2Maf45+a9OyP5d/l5UA0:6eKuSYckyfafU9ZPb/nU

Score
10/10
amadey8fc809executionspywarestealer

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://selltix.org

http://otyt.ru

http://nudump.com
Attributes
  • strings_key

    65bac8d4c26069c29f1fd276f7af33f3

  • url_paths

    /forum/index.php

    /forum2/index.php

    /forum3/index.php

rc4.plain

Targets

    • Target

      0e59d0159d8a8d384fbce181d6391c6595546a151e178d791618c54214a80ab9

    • Size

      1.2MB

    • MD5

      f20dd15a327c9b35d8c0b19a66db9eab

    • SHA1

      d37c28a6693ae4d52e9b3c4513951cdf7400e14e

    • SHA256

      0e59d0159d8a8d384fbce181d6391c6595546a151e178d791618c54214a80ab9

    • SHA512

      4ad7281cac54e4a631890ff6f828ced10ac85b4bb7263f5f61892be02cc4f1df1f292e2dcccd365df42d76db7a856eee2f921be53804bea917a569256a03fad3

    • SSDEEP

      24576:68kQG6YY4wKuSYZofkNLu2Maf45+a9OyP5d/l5UA0:6eKuSYckyfafU9ZPb/nU

    Score
    8/10
    executionspywarestealer

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks