General
-
Target
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b.exe
-
Size
336KB
-
Sample
220523-b8qwcsehap
-
MD5
53f54f7688b7becf3f68ca1ac3cb3565
-
SHA1
b99a8ee9253186f3a19e750e4b9a7cecedb30136
-
SHA256
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b
-
SHA512
a94b97891ae3e7c202746e13912737e9047ba0f5e344ad22c6eba54e15178935db2b3e9b94eb2759294de171588a6cd42ade38dc1bdb98fd16ddafccec6591ad
Static task
static1
Behavioral task
behavioral1
Sample
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b.exe
Resource
win7-20220414-en
Malware Config
Extracted
amadey
3.10
185.215.113.35/d2VxjasuwS_old/index.php
Targets
-
-
Target
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b.exe
-
Size
336KB
-
MD5
53f54f7688b7becf3f68ca1ac3cb3565
-
SHA1
b99a8ee9253186f3a19e750e4b9a7cecedb30136
-
SHA256
74e1d92213c0f1cad8c5387f8ec54f7c901a76596afb9e88c30fdd6bca4f005b
-
SHA512
a94b97891ae3e7c202746e13912737e9047ba0f5e344ad22c6eba54e15178935db2b3e9b94eb2759294de171588a6cd42ade38dc1bdb98fd16ddafccec6591ad
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-