General

  • Target

    c8d58a19af87f3b4cb46e229407db645c972d4213e30d0bb1853d5f585db044f

  • Size

    1.2MB

  • Sample

    241031-1mqqxaskht

  • MD5

    609b797441d054c5b5585b6464ad31b6

  • SHA1

    e0697c84bd09ff9e5461cff49efec706cde8cb2a

  • SHA256

    c8d58a19af87f3b4cb46e229407db645c972d4213e30d0bb1853d5f585db044f

  • SHA512

    cfff523af32fbe4e0fe1eafbe8873f6b555aa7cfb3d38a1f1a02c2bfff880e96b411c9678818e05aa2d2eaf4dafa9452057eb25322ef759aaa518ebeb40b1ac9

  • SSDEEP

    24576:Vjm1sk9lP6nWZJaIOo/QHtH9YZ0yNJW+6J7Vb:m96nWerAQHB9yjWz1

Malware Config

Extracted

  • Family

    amadey

  • Version

    4.41

  • Botnet

    e13c79

  • C2

    http://154.216.18.163

  • Attributes

    • strings_key

      c36a315d10d4e2fa9c11c99a6ea2a898

    • url_paths

      /DbjC3fksE/index.php

    • rc4.plain

Targets

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15