General
-
Target
63909a02e9e819e404df25eae886b5aa2270e1d8b6643cd34e8e334e123a4d99
-
Size
1.2MB
-
Sample
241217-271bhstkgj
-
MD5
b05829869d6dc7c44d8dcdebef2ec2ce
-
SHA1
5de90430a8a7939c48466f35be17b2ad53e8d6fc
-
SHA256
63909a02e9e819e404df25eae886b5aa2270e1d8b6643cd34e8e334e123a4d99
-
SHA512
bb9f42a8baf374c70b958999d77dcac10f383317b43094bd8babda51d5562046526cfa788dea47a56eccba3fac5467c9cca56018ed8a234f387516bb6652a1e4
-
SSDEEP
24576:5O/VvL5QafhQsnoXyaoMferXQ5rnxQBuLv8Y4yWhfUO9l:45nfhQzOMoA5rnxHv8IWOe
Malware Config
Extracted
amadey
5.10
056009
http://62.60.226.15
-
strings_key
c9d48ffd19ff3a755b9ab2fe5196683b
-
url_paths
/8fj482jd9/index.php
Targets
-
-
Target
63909a02e9e819e404df25eae886b5aa2270e1d8b6643cd34e8e334e123a4d99
-
Size
1.2MB
-
MD5
b05829869d6dc7c44d8dcdebef2ec2ce
-
SHA1
5de90430a8a7939c48466f35be17b2ad53e8d6fc
-
SHA256
63909a02e9e819e404df25eae886b5aa2270e1d8b6643cd34e8e334e123a4d99
-
SHA512
bb9f42a8baf374c70b958999d77dcac10f383317b43094bd8babda51d5562046526cfa788dea47a56eccba3fac5467c9cca56018ed8a234f387516bb6652a1e4
-
SSDEEP
24576:5O/VvL5QafhQsnoXyaoMferXQ5rnxQBuLv8Y4yWhfUO9l:45nfhQzOMoA5rnxHv8IWOe
Score8/10-
Blocklisted process makes network request
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1