General

  • Target

    014e6a5a3f89e51d3217083088c06a47a61f8245509e37894fc6a3fb1a97ee5c

  • Size

    1.0MB

  • Sample

    241031-1f9v7svqcp

  • MD5

    4d36451ebd4d951a082d22d5b73bf5ff

  • SHA1

    9e50d8cf08c6e42b592af2355a7e15e4b9049bf8

  • SHA256

    014e6a5a3f89e51d3217083088c06a47a61f8245509e37894fc6a3fb1a97ee5c

  • SHA512

    1273467bc92f76953f318d8a5f8f23dd7def40e8b93351452cc08675892631eccbe3bb473ee810e0b99ab4d73aec021f44765ad45ef6d412d9c96ef40d894cbc

  • SSDEEP

    24576:EuPGDp7ea1ntX8tzz3kLYF9WHYND9PJlfEC05ar3uJK+t8V:qnVoA9JKW8V

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

242690

C2

http://152.89.198.124

Attributes
  • strings_key

    d65efd3e01e02b8f77a65ce86768ba84

  • url_paths

    /8bdDsv3dk2FF/index.php

rc4.plain
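The extracted configuration above gives everything needed to reproduce the sample's string decryption and its check-in URL. The Python below is an added example, not code from this report or from Amadey: it implements RC4 with the extracted strings_key, decrypts a hex-encoded string blob, and joins the C2 with the url_path. It assumes, as public Amadey analyses describe and as the rc4.plain label suggests, that the key is applied as its raw ASCII bytes and that encrypted strings are hex-encoded; the sample ciphertext is constructed by encrypting the known url_path under that key, not taken from the binary.

```python
# Added example (not part of the Triage report): working with the extracted
# Amadey configuration above. Config values are copied from this page; the
# ASCII-key and hex-encoding conventions are assumptions, not report output.
import binascii

C2 = "http://152.89.198.124"                         # from the report
URL_PATH = "/8bdDsv3dk2FF/index.php"                 # from the report
STRINGS_KEY = b"d65efd3e01e02b8f77a65ce86768ba84"    # strings_key, used as raw ASCII bytes (assumption)


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by the keystream generator
    (PRGA) XORed over the data. RC4 is symmetric, so one function both
    encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):                                   # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                      # PRGA + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_string(hex_blob: str, key: bytes = STRINGS_KEY) -> str:
    """Decrypt one hex-encoded RC4 string blob with the extracted strings key.
    Undecodable bytes are replaced rather than raising, so a wrong key shows
    up as visible garbage instead of a crash."""
    return rc4(key, binascii.unhexlify(hex_blob)).decode("utf-8", errors="replace")


def c2_url(base: str = C2, path: str = URL_PATH) -> str:
    """Join the C2 host and url_path into the full check-in URL for blocking."""
    return base.rstrip("/") + "/" + path.lstrip("/")


# Constructed sample: encrypt the known url_path under the extracted key so the
# decryption path can be exercised offline without touching the sample itself.
SAMPLE_BLOB = rc4(STRINGS_KEY, URL_PATH.encode()).hex()


if __name__ == "__main__":
    print("C2 check-in URL :", c2_url())
    print("constructed blob:", SAMPLE_BLOB)
    print("decrypted       :", decrypt_string(SAMPLE_BLOB))
```

Feed `decrypt_string` the hex blobs recovered from the unpacked binary's string table; if the output is readable (URLs, API names, registry paths) the key is right, and the C2 URL from `c2_url` is the value to put on the proxy or DNS blocklist.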

Targets

    • Target

      014e6a5a3f89e51d3217083088c06a47a61f8245509e37894fc6a3fb1a97ee5c

    • Size

      1.0MB

    • MD5

      4d36451ebd4d951a082d22d5b73bf5ff

    • SHA1

      9e50d8cf08c6e42b592af2355a7e15e4b9049bf8

    • SHA256

      014e6a5a3f89e51d3217083088c06a47a61f8245509e37894fc6a3fb1a97ee5c

    • SHA512

      1273467bc92f76953f318d8a5f8f23dd7def40e8b93351452cc08675892631eccbe3bb473ee810e0b99ab4d73aec021f44765ad45ef6d412d9c96ef40d894cbc

    • SSDEEP

      24576:EuPGDp7ea1ntX8tzz3kLYF9WHYND9PJlfEC05ar3uJK+t8V:qnVoA9JKW8V

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill data.

    • Unsecured Credentials: Credentials In Files

      Adversaries may search local file systems for files that store credentials insecurely (MITRE ATT&CK T1552.001).
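The behaviour signatures above are derived from the files and registry keys the sample touches. As an added example, not code from this report or from Amadey, the Python below matches a constructed list of file and registry accesses against well-known storage locations for WinSCP, Chrome, Firefox, Telegram and Discord and reports which of the listed signatures fire, with ATT&CK technique IDs attached. The path patterns, the ATT&CK mapping and the sample accesses are assumptions for illustration, not values extracted from this sample.

```python
# Added example (not part of the Triage report): map file and registry paths
# touched by a process, as a sandbox would record them, onto the behaviour
# signatures listed above. Path patterns and ATT&CK IDs are assumptions based
# on each application's well-known storage locations, not report values.
import re
from collections import defaultdict

# signature name -> (ATT&CK technique IDs, regexes over lower-cased, backslash-normalised paths)
SIGNATURES = {
    "Reads WinSCP keys stored on the system": (("T1552.001", "T1552.002"), [
        r"software\\martin prikryl\\winscp 2\\sessions",   # registry-stored sessions
        r"\\winscp\.ini$",                                  # portable/INI configuration
    ]),
    "Reads local data of messenger clients": (("T1552.001",), [
        r"\\telegram desktop\\tdata\\",
        r"\\discord\\local storage\\leveldb\\",
    ]),
    "Reads user/profile data of web browsers": (("T1555.003",), [
        r"\\google\\chrome\\user data\\.*\\login data$",
        r"\\google\\chrome\\user data\\.*\\cookies$",
        r"\\google\\chrome\\user data\\local state$",
        r"\\mozilla\\firefox\\profiles\\.*\\logins\.json$",
        r"\\mozilla\\firefox\\profiles\\.*\\key4\.db$",
    ]),
}
_COMPILED = {name: (tids, [re.compile(p) for p in pats])
             for name, (tids, pats) in SIGNATURES.items()}


def match_signatures(paths):
    """Return {signature: (technique_ids, [matching original paths])} for every
    signature with at least one hit. Paths are lower-cased and forward slashes
    folded to backslashes so Win32 and sandbox-normalised forms compare equally;
    the original spelling is kept in the result for reporting."""
    hits = defaultdict(list)
    for raw in paths:
        norm = raw.replace("/", "\\").lower()
        for name, (_, regs) in _COMPILED.items():
            if any(r.search(norm) for r in regs):
                hits[name].append(raw)
    return {name: (_COMPILED[name][0], found) for name, found in hits.items()}


# Constructed sample access log (not from this report's task output).
SAMPLE_ACCESSES = [
    r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Local State",
    r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json",
    r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions",
    r"C:\Users\victim\AppData\Roaming\Telegram Desktop\tdata\D877F783D5D3EF8C",
    r"C:\Users\victim\AppData\Local\Temp\readme.txt",   # benign, must not match
]

if __name__ == "__main__":
    for name, (tids, found) in match_signatures(SAMPLE_ACCESSES).items():
        print(f"[{', '.join(tids)}] {name}")
        for path in found:
            print("    ", path)
```

A real sandbox or EDR feed will also record accesses by legitimate software (the browser itself opens Login Data), so in production the matcher is gated on the accessing process not being the application that owns the store.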

MITRE ATT&CK Enterprise v15

Tasks