General
- Target: 72b42cdc40cb7fef3646928570e700a5dbea7ea2e43c8a4ea24ab352135fdb70
- Size: 382KB
- Sample: 220623-r3dxlsgcc9
- MD5: 9ddabf14b0b855b3dac13f9a6fe27936
- SHA1: 01dc7e82c8750be76d02cc97e1b16a632f9a0c34
- SHA256: 72b42cdc40cb7fef3646928570e700a5dbea7ea2e43c8a4ea24ab352135fdb70
- SHA512: fdcfcc22f6ba4ef52567fa42b85940c91ee408833bdba768396003f3a8725a7a45bb69314e28cb18e6c5d3e8d11f7d750017bd24ca0d06e55d1b61fbe25e52e5
Static task
- static1
Malware Config
Extracted
- Family: amadey
- Version: 3.21
- C2: 185.215.113.15/Lkb2dxj3/index.php
Targets
- 72b42cdc40cb7fef3646928570e700a5dbea7ea2e43c8a4ea24ab352135fdb70 (382KB; same file and digests as listed under General)
Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
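As an added example, not part of the sandbox report, the script below turns the indicators on this page into a small checker: it validates that the copied digests are well formed, verifies a local file against all four digests (a lone MD5 match is not proof it is the same sample), and sweeps proxy log lines for contact with the extracted C2. The log lines are constructed for the example; the log format, the function names, and the assumption that the directory name in the C2 path may differ between builds are ours, not something the report states.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the sandbox report on this page.
REPORT_HASHES = {
    "md5": "9ddabf14b0b855b3dac13f9a6fe27936",
    "sha1": "01dc7e82c8750be76d02cc97e1b16a632f9a0c34",
    "sha256": "72b42cdc40cb7fef3646928570e700a5dbea7ea2e43c8a4ea24ab352135fdb70",
    "sha512": "fdcfcc22f6ba4ef52567fa42b85940c91ee408833bdba768396003f3a8725a7a"
              "45bb69314e28cb18e6c5d3e8d11f7d750017bd24ca0d06e55d1b61fbe25e52e5",
}
C2_HOST = "185.215.113.15"
C2_PATH = "/Lkb2dxj3/index.php"

# Expected hex digest lengths; a truncated or mistyped hash is the most common IOC-sharing bug.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_is_consistent(hashes=REPORT_HASHES):
    """True if every digest is lowercase hex of the right length for its algorithm."""
    return all(
        len(v) == DIGEST_HEX_LEN[k] and all(c in "0123456789abcdef" for c in v)
        for k, v in hashes.items()
    )


def hash_bytes(data):
    """Compute all four report digests over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same digests as hash_bytes, but streamed so large samples need not fit in RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """All four digests must agree with the report; a partial match means a different file."""
    return all(digests.get(name) == value for name, value in REPORT_HASHES.items())


# Constructed proxy log lines (not from the report): "<ts> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2022-06-23T12:01:14Z WS-0231 POST http://185.215.113.15/Lkb2dxj3/index.php 200
2022-06-23T12:01:15Z WS-0231 GET http://185.215.113.15/Lkb2dxj3/other.bin 200
2022-06-23T12:02:40Z WS-0107 GET http://www.example.com/ 200
2022-06-23T12:03:02Z WS-0231 GET http://185.215.113.15/ 404
"""


def classify_url(url):
    """'c2-url' for the extracted beacon URL, 'c2-host' for any other contact with the
    C2 address, None otherwise. Host-only hits are kept on the assumption (ours, not the
    report's) that the directory name in the path can differ between builds."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2-url" if parts.path == C2_PATH else "c2-host"


def find_c2_hits(log_text):
    """Scan log lines; return (client, url, verdict) for every C2 contact found."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the whole sweep
        client, url = fields[1], fields[3]
        verdict = classify_url(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    import sys
    if not report_is_consistent():
        sys.exit("report hashes are malformed; fix the IOC list before using it")
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", *hit)
    if len(sys.argv) > 1:  # optional: path to a local copy of the sample
        print("sample matches report:", matches_report(hash_file(sys.argv[1])))
```

Run it with no arguments to see the C2 hits from the constructed log, or pass the path of a file you believe is this sample to confirm all four digests before relying on the report's findings for it.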