General

  • Target

    76cdc15aac6a643f33d05f1d92971feb91f61446d5d85c15d6dbd53df2ca0deb

  • Size

    1.2MB

  • Sample

    241031-1mqqxathlj

  • MD5

    4ee14c120abf1d75584ce94b307acfb3

  • SHA1

    86f0303c1f97ee1bc82e2e32722c60dd8da4de26

  • SHA256

    76cdc15aac6a643f33d05f1d92971feb91f61446d5d85c15d6dbd53df2ca0deb

  • SHA512

    a359aa2f99d253941a77422bd69d87db9d85559ea34dc0c062904c5221e58e2d92248a8679ae1e03ae6086203f5f979296e828a3319ecb52348a950639c7804a

  • SSDEEP

    24576:+jm1sk9lP6nWZJaIOo/QHtH9YZ0yNJW+6JThb:J96nWerAQHB9yjWz9

Malware Config

Extracted

  • Family

    amadey

  • Version

    5.03

  • Botnet

    242690

  • C2

    http://152.89.198.124

  • Attributes

    • strings_key

      d65efd3e01e02b8f77a65ce86768ba84

    • url_paths

      /8bdDsv3dk2FF/index.php

    • rc4.plain

Targets

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15