amadey | 622662e4c01c027b1b37ad8480c5a1f6dc56243d3684165c49c7d02b99db59b0 | Triage

Submit
Reports

Overview

overview

Static

static

de81531468...ed.dll

windows7-x64

de81531468...ed.dll

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_622662e4c01c027b1b37ad8480c5a1f6dc56243d3684165c49c7d02b99db59b0
Size

67KB
Sample

241222-fxk8ysvqcl
MD5

f72c91cff2ed4fb85eec7e052904494b
SHA1

ea0aa0c7444c67153a5cb9ddbafe5da14d8f193a
SHA256

622662e4c01c027b1b37ad8480c5a1f6dc56243d3684165c49c7d02b99db59b0
SHA512

d7705905d6c076ed3c9830ab0bbaad50be4a189fa4e62463dfa6b3fde41b322201b081dec28c6048ff8203ab4016997948aa5db42615432162985ac3f50701ad
SSDEEP

1536:YwTH+sWmw/ucpG7IsqWTZBeVINgzUdM4tDnQy01kad:Dj+s6upLBNSWDnMkad

Score

10^/10

amadey collection cred credential_access discovery module spyware stealer trojan

Static task

static1

cred module amadey

3 signatures

Behavioral task

behavioral1

Sample

de81531468982b689451e85d249214d0aa484e2ffedfd32c58d43cf879f29ded.dll

Resource

win7-20240903-en

amadey collection cred credential_access discovery module spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

de81531468982b689451e85d249214d0aa484e2ffedfd32c58d43cf879f29ded.dll

Resource

win10v2004-20241007-en

amadey collection cred credential_access discovery module spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  de81531468982b689451e85d249214d0aa484e2ffedfd32c58d43cf879f29ded.dll
- Size
  
  126KB
- MD5
  
  674cec24e36e0dfaec6290db96dda86e
- SHA1
  
  581e3a7a541cc04641e751fc850d92e07236681f
- SHA256
  
  de81531468982b689451e85d249214d0aa484e2ffedfd32c58d43cf879f29ded
- SHA512
  
  6d9898169073c240fe454bd45065fd7dc8458f1d323925b57eb58fa4305bb0d5631bbceb61835593b225e887e0867186ef637c440460279378cb29e832066029
- SSDEEP
  
  3072:ox7pOYzBektmWDWCMq6As523HeS9FAiZ87vO2rlL3Rne9:ox7ZNht/dMq6AO0a7vVlT
Score

10^/10

amadey collection cred credential_access discovery module spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Detect Amadey credential stealer module
  cred module
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

credmoduleamadey

behavioral1

amadeycollectioncredcredential_accessdiscoverymodulespywarestealertrojan

behavioral2

amadeycollectioncredcredential_accessdiscoverymodulespywarestealertrojan

© 2018-2024

Terms | Privacy