MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Amadey

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35
SHA3-384 hash:	3c57a573438200791df6781ac49f9ec67572fdbf81675f499ef035a56d0a7189e44129d00fabd3b38cd227e573232486
SHA1 hash:	178ca4abed0673ddb9a674d8f108c79f33099454
MD5 hash:	7e30a93f146632fb1f17202b76297bc9
humanhash:	carbon-nebraska-november-ten
File name:	SecuriteInfo.com.Trojan.GenericKD.43529991.18963.10385
Download:	download sample
Signature	Amadey Create hunting rule
File size:	1'195'072 bytes
First seen:	2020-08-01 19:30:06 UTC
Last seen:	2020-08-02 07:33:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	fade38f604ff4b0fe3b4d219a73be69c (1 x RaccoonStealer, 1 x Amadey)
ssdeep	6144:f8Cinm0n4bfnbnDFRg0KTnnUnmQXnBnpnp5Ln7nLnpbfnRnvnZVnRnbnhLnfnPnp:f8xs
Threatray	121 similar samples on MalwareBazaar
TLSH	B1451519BCC04F9ED616487639A557241D9EEE0A4761F00F47E4F6E2F3B3BF1AA80285
Reporter	SecuriteInfoCom
Tags:	Amadey

Intelligence

File Origin

# of uploads :

# of downloads :

874

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/36977/

Detection(s):

SecuriteInfo.com.Mal.EncPk-APV.643.3955.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file

Changing the Zone.Identifier stream

Creating a process from a recently created file

Creating a window

Creating a file in the %temp% directory

Launching a process

Reading critical registry keys

Connection attempt

Deleting a recently created file

Running batch commands

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Connection attempt to an infection source

Sending an HTTP GET request to an infection source

Sending an HTTP POST request to an infection source

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

n/a

Score:

24 / 100

Link:

https://www.joesandbox.com/analysis/406711

Signature

Behaviour

Behavior Graph:

Download SVG

Detection:

amadey

Link:

https://mwdb.cert.pl/sample/b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35/

Threat name:

Win32.Trojan.RacStealer

Status:

Malicious

First seen:

2020-07-23 00:49:52 UTC

AV detection:

37 of 48 (77.08%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=w6xa67iuz2ndii6vijeelrphbsqx2ffrgyy7ee4wesgk2bacpi2q._file

Verdict:

suspicious

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200801-7a3xtmxnha/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Creates scheduled task(s)

Adds Run key to start application

Loads dropped DLL

Executes dropped EXE

Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Amadey

exe b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/417693/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/36977/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample