General
-
Target
adb2d6d946f39976de3f5b99d86eb94d8e4345312cc89e010f0851180a7f18b3.exe
-
Size
1.0MB
-
Sample
241219-demmystrax
-
MD5
dd6043fc837d2f087612f35a2553c6c9
-
SHA1
3d663f1323c2999f48fdfbc56b979d71b3e96687
-
SHA256
adb2d6d946f39976de3f5b99d86eb94d8e4345312cc89e010f0851180a7f18b3
-
SHA512
762233e908e32f457539055da920812dd175ce83a1ccaa7a1ae32a10023bd96c28e98d073064564b3f5f054ade74792cd0c7311bf5c0025eed21b1cbc9263889
-
SSDEEP
24576:IWBhVxYlZdJCTgmP/xEcCJnDOEl5woFNEa1mXu5iPajrVT1qnD:IWBhPYrpoCpmX2pjXqnD
Malware Config
Extracted
amadey
5.10
056009
http://62.60.226.15
-
strings_key
c9d48ffd19ff3a755b9ab2fe5196683b
-
url_paths
/8fj482jd9/index.php
Targets
-
-
Target
adb2d6d946f39976de3f5b99d86eb94d8e4345312cc89e010f0851180a7f18b3.exe
-
Size
1.0MB
-
MD5
dd6043fc837d2f087612f35a2553c6c9
-
SHA1
3d663f1323c2999f48fdfbc56b979d71b3e96687
-
SHA256
adb2d6d946f39976de3f5b99d86eb94d8e4345312cc89e010f0851180a7f18b3
-
SHA512
762233e908e32f457539055da920812dd175ce83a1ccaa7a1ae32a10023bd96c28e98d073064564b3f5f054ade74792cd0c7311bf5c0025eed21b1cbc9263889
-
SSDEEP
24576:IWBhVxYlZdJCTgmP/xEcCJnDOEl5woFNEa1mXu5iPajrVT1qnD:IWBhPYrpoCpmX2pjXqnD
Score8/10-
Blocklisted process makes network request
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1