amadey | 52774cf618d18843fc617ea6e340a5fb1e36559d6c0c372c6c5214ab1fb6e34e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52774cf618d18843fc617ea6e340a5fb1e36559d6c0c372c6c5214ab1fb6e34e
Size

1.8MB
Sample

240810-sftvzsyekh
MD5

33f3040b744a6d2a175866104e3953e4
SHA1

5263310e8e4fe7984ca29d9a06accd0d237c208c
SHA256

52774cf618d18843fc617ea6e340a5fb1e36559d6c0c372c6c5214ab1fb6e34e
SHA512

9ae372be827fad0e7a32623b313e9126533e353b319af546b140f2d58617c369b3c0c7054aa3ea8f58face66c8a036960618cfd68b0f897f88e5507eb93f9e82
SSDEEP

24576:XWhAat7ZeOLYOKxBMfRR3JPf77cJCCDQzIP2LBq4rHsq6N53:GhAa5YfuR3N/4DmIPSBXrMq6b3

Score

10^/10

amadey 0163e2 credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

0163e2

C2

http://185.215.113.101

Attributes

install_dir
e15c790a46
install_file
Hkbsse.exe
strings_key
0727c27c867fbf8087d1e795f4f7c249
url_paths
/g99kdj4vsA/index.php

rc4.plain

Targets

- Target
  
  52774cf618d18843fc617ea6e340a5fb1e36559d6c0c372c6c5214ab1fb6e34e
- Size
  
  1.8MB
- MD5
  
  33f3040b744a6d2a175866104e3953e4
- SHA1
  
  5263310e8e4fe7984ca29d9a06accd0d237c208c
- SHA256
  
  52774cf618d18843fc617ea6e340a5fb1e36559d6c0c372c6c5214ab1fb6e34e
- SHA512
  
  9ae372be827fad0e7a32623b313e9126533e353b319af546b140f2d58617c369b3c0c7054aa3ea8f58face66c8a036960618cfd68b0f897f88e5507eb93f9e82
- SSDEEP
  
  24576:XWhAat7ZeOLYOKxBMfRR3JPf77cJCCDQzIP2LBq4rHsq6N53:GhAa5YfuR3N/4DmIPSBXrMq6b3
Score

10^/10

amadey 0163e2 credential_access discovery spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey0163e2credential_accessdiscoveryspywarestealertrojan

behavioral2

amadey0163e2credential_accessdiscoveryspywarestealertrojan