General

  • Target

    deff476e62bb3b38fd2e4cfe36c27e03e1b32ad9a540395f7b14de34acf6597bN.exe

  • Size

    1.0MB

  • Sample

    241219-d8w4gswmat

  • MD5

    d63a3769fe739ab7165ac60b424d4c00

  • SHA1

    bc3d6adc338a46efe8dee6e249a18762e6ad60c1

  • SHA256

    deff476e62bb3b38fd2e4cfe36c27e03e1b32ad9a540395f7b14de34acf6597b

  • SHA512

    e0d5beb10825ec7215adb28ec7df04f8447f51a053c030ce80192b04af458910618fe6eba520816dfef8dc3abf4cd3cfa1cbbcbeb561919f792c41ba91eb1014

  • SSDEEP

    24576:IWBhVxYlZdJCTgmP/xEcCJnDOEl5woFNEa1mXu5iPajrVT1qn:IWBhPYrpoCpmX2pjXqn

Malware Config

Extracted

Family

amadey

Version

5.10

Botnet

056009

C2

http://62.60.226.15

Attributes
  • strings_key

    c9d48ffd19ff3a755b9ab2fe5196683b

  • url_paths

    /8fj482jd9/index.php

rc4.plain

Targets

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15