General
Target: ed16877abadf55e19c92d02bb013eb6e.exe
Size: 359KB
Sample: 221101-mkc55saha6
MD5: ed16877abadf55e19c92d02bb013eb6e
SHA1: 6967bcda8f0cfe3c32d841082e6a9dcd4c7ce9cf
SHA256: 81dd136301ccf79e39d70732c75d77eaf008868bfe4b9ad45177c04c5dba33c0
SHA512: c48dad5f8fa18c1acbd64c766a5601a5f7fc81100418c62cee1ec89cabf1a2f5d557d54c674fc9916fa6960f2907081bf17dce1523b77628adeb21e58c9d74f1
SSDEEP: 6144:PwYSuXJStqGc0/qa71ZVLosdT3Ctl7ITsq:PwYlXJS5yAZGsBM7
Static task: static1
Behavioral task: behavioral1
Sample: ed16877abadf55e19c92d02bb013eb6e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: ed16877abadf55e19c92d02bb013eb6e.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles