MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35
SHA3-384 hash: 3c57a573438200791df6781ac49f9ec67572fdbf81675f499ef035a56d0a7189e44129d00fabd3b38cd227e573232486
SHA1 hash: 178ca4abed0673ddb9a674d8f108c79f33099454
MD5 hash: 7e30a93f146632fb1f17202b76297bc9
humanhash: carbon-nebraska-november-ten
File name: SecuriteInfo.com.Trojan.GenericKD.43529991.18963.10385
Signature: Amadey
File size: 1'195'072 bytes
First seen: 2020-08-01 19:30:06 UTC
Last seen: 2020-08-02 07:33:06 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fade38f604ff4b0fe3b4d219a73be69c
ssdeep: 6144:f8Cinm0n4bfnbnDFRg0KTnnUnmQXnBnpnp5Ln7nLnpbfnRnvnZVnRnbnhLnfnPnp:f8xs
TLSH: B1451519BCC04F9ED616487639A557241D9EEE0A4761F00F47E4F6E2F3B3BF1AA80285
Reporter: @SecuriteInfoCom
Tags: Amadey
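The cryptographic digests listed above can be re-derived locally from a downloaded copy of the sample, which is the first thing to do before trusting any analysis keyed on them. The Python below is an added example, not part of the MalwareBazaar page or its tooling; it uses only the standard library and copies the four digests from this entry into RECORD. imphash, ssdeep and TLSH are not covered because hashlib cannot compute them (they need pefile, ssdeep and py-tlsh respectively).

```python
import hashlib
import hmac
import sys
from pathlib import Path
from typing import Dict, Iterator, Union

# Digests copied verbatim from the MalwareBazaar entry above.
RECORD: Dict[str, str] = {
    "sha256": "b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35",
    "sha3_384": "3c57a573438200791df6781ac49f9ec67572fdbf81675f499ef035a56d0a7189"
                "e44129d00fabd3b38cd227e573232486",
    "sha1": "178ca4abed0673ddb9a674d8f108c79f33099454",
    "md5": "7e30a93f146632fb1f17202b76297bc9",
}

# hashlib algorithm names for the digests MalwareBazaar publishes.
# imphash/ssdeep/TLSH are deliberately absent: they need third-party libraries.
ALGORITHMS = ("sha256", "sha3_384", "sha1", "md5")

Source = Union[bytes, bytearray, str, Path]


def _chunks(data: Source, chunk_size: int) -> Iterator[bytes]:
    """Yield the input as byte chunks; files are streamed so large samples fit in memory."""
    if isinstance(data, (bytes, bytearray)):
        yield bytes(data)
        return
    with open(data, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return
            yield chunk


def digests(data: Source, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute every digest in ALGORITHMS in a single pass over the input."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in _chunks(data, chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: Source, record: Dict[str, str]) -> Dict[str, bool]:
    """Compare a sample against a hash record; returns {algorithm: matched}.

    Only algorithms in ALGORITHMS are checked; other record keys (imphash,
    ssdeep, tlsh, ...) are skipped rather than silently reported as failures.
    A SHA-256 digest is mandatory: MD5 and SHA-1 are collision-prone and only
    useful here for cross-referencing other feeds, not as proof of identity.
    """
    if "sha256" not in record:
        raise ValueError("record must include a sha256 digest")
    computed = digests(data)
    results: Dict[str, bool] = {}
    for algo, expected in record.items():
        if algo not in computed:
            continue
        # Constant-time comparison; harmless here but the right habit for digests.
        results[algo] = hmac.compare_digest(computed[algo], expected.strip().lower())
    return results


def matches_record(data: Source, record: Dict[str, str]) -> bool:
    """True only if every checkable digest in the record matches."""
    return all(verify(data, record).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-downloaded-sample>
    sample_path = Path(sys.argv[1])
    for algo, ok in verify(sample_path, RECORD).items():
        print(f"{algo:9s} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if matches_record(sample_path, RECORD) else 1)
```

Run it against the unpacked sample (MalwareBazaar serves downloads as password-protected ZIP archives, so unzip first). A mismatch on every algorithm usually means the wrong file was hashed, for example the archive itself; a mismatch on a single algorithm would indicate a transcription error in the record rather than a different sample.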

Intelligence


File Origin
# of uploads: 2
# of downloads: 56
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file
Changing the Zone.Identifier stream
Creating a process from a recently created file
Creating a window
Creating a file in the %temp% directory
Launching a process
Reading critical registry keys
Connection attempt
Deleting a recently created file
Running batch commands
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Connection attempt to an infection source
Sending an HTTP GET request to an infection source
Sending an HTTP POST request to an infection source
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Threat name: Win32.Trojan.RacStealer
Status: Malicious
First seen: 2020-07-23 00:49:52 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Creates scheduled task(s)
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Blacklisted process makes network request

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: Amadey

Executable exe  b7ae0f7d14ce9a3423d5424845c5e70ca17d14b13631f21396248cad04027a35  (this sample)

Comments