General
-
Target
2c60c9c6d8fc222567737bf76ccb2b62a9806b0693ea31fad828be10ff1ff019
-
Size
246KB
-
Sample
221124-zc4z4sbg4w
-
MD5
e7a73adcc7f95751d508e54d13a4c6aa
-
SHA1
3790965edd1fc9f58e467724fcf6844700cdc212
-
SHA256
2c60c9c6d8fc222567737bf76ccb2b62a9806b0693ea31fad828be10ff1ff019
-
SHA512
5240a66a2b838e2e9ba48ec868706b1f8a75b0ceea536ece40a6f2e65da585aaf92e4a1bb879b2c2b1f085bc4960906c8e6f420c05780d5ffc3bcfd3da78b44d
-
SSDEEP
6144:XHy7wVLBnCVikN2vQO77Rfgppie8tCCDGQ:XHy7wV1nCVikNs7RypiWkG
Static task
static1
Behavioral task
behavioral1
Sample
2c60c9c6d8fc222567737bf76ccb2b62a9806b0693ea31fad828be10ff1ff019.exe
Resource
win10-20220901-en
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
-
-
Target
2c60c9c6d8fc222567737bf76ccb2b62a9806b0693ea31fad828be10ff1ff019
Score
10/10
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-