MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e48e3149bd89da8376ebc911d1f14d7998bb4f7cd1042c84db630b29ee9e5d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Amadey


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e48e3149bd89da8376ebc911d1f14d7998bb4f7cd1042c84db630b29ee9e5d0
SHA3-384 hash: f04c0aff73eda93aeb865829ab551e178f7ce845a8ddcd82ae397f17aaee2b37fc288bb95b2293011ab4d3406b2082ce
SHA1 hash: 0e8dc0d72d1a5dad195bc4f3bc5e401737c98d2f
MD5 hash: b7d1f9e128f1cb3c959f8abd4b112ee6
humanhash: uniform-quebec-apart-eight
File name:unfeminized.exe
Download: download sample
Signature Amadey
Create hunting rule
File size:110'592 bytes
First seen:2020-05-03 07:32:19 UTC
Last seen:2020-05-03 16:52:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cca233e53f57a2b88751d365209fb1b0 (1 x Amadey, 1 x GuLoader)
ssdeep 768:yUGAJ2fWH57sYUjfnMX1ofYwSb8m2da6QF55D0o/dA:dGY2eNsY6/MXtMmYarTpBd
Threatray 618 similar samples on MalwareBazaar
TLSH 5BB34EE032FD4DC6EA659A7E49D3D221357CF9E087638B870674B8760F62F8239D0616
Reporter abuse_ch
Tags:Amadey DEU exe geo GMX


Avatar
abuse_ch
Malspam distributing Amadey:

HELO: mout.kundenserver.de
Sending IP: 212.227.126.130
From: "GMX Pro Mail" <julian@stahmer-immobilien.de>
Subject: Ihr Monatsabo
Attachment: Buchung_3.xlsm

Amadey payload URL:
http://invoice7mukszq9nbpa7online.ru/unfeminized.exe

Amadey C2:
http://invoice9kat5ggmml0c6online.ru/bNyg4dSX/index.php

Amadey C2 domain names:
centerlog-idcheck89320942.ru
idcheck-centerlog98324932.ru
invoice55hnlfnw7fnyvonline.ru
invoice9kat5ggmml0c6online.ru
invoiceydghup14j6l0tonline.ru
panel0panel1.ru

Intelligence

File Origin
# of uploads :
3
# of downloads :
331
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generickdz-6907156-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Deyma
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 00:33:25 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzeogfe33co2qn3oxsir2hyu26myxnhxzuiefscnwyylfhxj4xia._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
Amadey
1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947
Amadey
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
Amadey
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
Amadey
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
Amadey
c8ea056cb229cc17d43217a6aba42320468cfaea55d6f9846b5f402bab6b06d0
Amadey
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
Amadey
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
Amadey
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
Amadey
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
Amadey
+ 608 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Amadey

Excel file xlsm 42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9

Amadey

Executable exe 2e48e3149bd89da8376ebc911d1f14d7998bb4f7cd1042c84db630b29ee9e5d0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/356530/
  
Dropped by
MD5 7595dc40f4afafd883b97b2690c04fe0
  
Dropped by
SHA256 42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9
  
Delivery method
Distributed via web download

Comments