General

  • Target

    6d5c042d75b66982548dec466541e80da91b89f1020e3260e5de7301c423919c

  • Size

    1.0MB

  • Sample

    241031-1dcspavphr

  • MD5

    816e38dd08a506586eda581df487dd45

  • SHA1

    b764d18d20c7c281f92e442327d8d4b9807bd9af

  • SHA256

    6d5c042d75b66982548dec466541e80da91b89f1020e3260e5de7301c423919c

  • SHA512

    d19db2c78ad752583d1cd1f2f2e22f9028a0e71e7b43dd8015e47c4031e553720a4c0de1c32bfeeea338e5bb95a827b2a05f28ee2bdc47ee4214896c8140a7b8

  • SSDEEP

    24576:/uPGDp7eaSfNX8VDz3kLYF9uHYFDNFQlojq05KxIjyKE7M:lXCwAyyKSM

Malware Config

Extracted

  • Family

    amadey

  • Version

    5.03

  • Botnet

    1bb87a

  • Attributes

      • strings_key

        7470c4c4ab17610713bab7f29e1a5c96

      • url_paths

        /pLQvfD4d5/index.php

  • rc4.plain

Targets

    • Target

      6d5c042d75b66982548dec466541e80da91b89f1020e3260e5de7301c423919c

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15