General
Target: xsrv2.exe
Size: 277KB
Sample: 210501-wacjab48z6
MD5: 6ee6360780735d4be90b6eb64df15a56
SHA1: 74b8352d724cf8757f646042cbc3e9339e09c193
SHA256: c14ea29de50a8295487fea090d9313dfff27bd3c30b67b82e5d2634dc30ce738
SHA512: e981609af406bb73943ec0fff88ad2833d6d3037527e1d1e988cf213b5ca6929180e2ae5421b7c631b63d5629cf01a699c0b701124b75fbf76a9de7500b59d36
Static task: static1
Behavioral task: behavioral1
Sample: xsrv2.exe
Resource: win7v20210410
Malware Config
Extracted
amadey
2.16
176.111.174.114/Hnq8vS/index.php
Targets
Target: xsrv2.exe
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL