General
-
Target
c6aabb27450f1a9939a417e86bf53217.dll.exe
-
Size
1.2MB
-
Sample
241213-hj7wxa1mhz
-
MD5
c6aabb27450f1a9939a417e86bf53217
-
SHA1
b8ef3bb7575139fd6997379415d7119e452b5fc4
-
SHA256
b91a3743c7399aee454491862e015ef6fc668a25d1aa2816e065a86a03f6be35
-
SHA512
e5fe205cb0f419e0a320488d6fa4a70e5ed58f25b570b41412ebd4f32bbe504ff75acb20bfea22513102630cf653a41e5090051f20af2ed3aadb53ce16a05944
-
SSDEEP
24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t
Malware Config
Extracted
amadey
5.10
0f3be6
http://185.81.68.147
http://185.81.68.148
-
strings_key
d3a5912ea69ad34a2387af70c8be9e21
-
url_paths
/7vhfjke3/index.php
/8Fvu5jh4DbS/index.php
Targets
-
-
Target
c6aabb27450f1a9939a417e86bf53217.dll.exe
-
Size
1.2MB
-
MD5
c6aabb27450f1a9939a417e86bf53217
-
SHA1
b8ef3bb7575139fd6997379415d7119e452b5fc4
-
SHA256
b91a3743c7399aee454491862e015ef6fc668a25d1aa2816e065a86a03f6be35
-
SHA512
e5fe205cb0f419e0a320488d6fa4a70e5ed58f25b570b41412ebd4f32bbe504ff75acb20bfea22513102630cf653a41e5090051f20af2ed3aadb53ce16a05944
-
SSDEEP
24576:BO//kL3TtMhQsnoXyajMK8fCZEqcAxQBuLv8YPKpTG:z3pMhQzRM3MfcAxHv8t
Score8/10-
Blocklisted process makes network request
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1