General
Target: file
Size: 206KB
Sample: 221126-1j2zrsba8s
MD5: 0799af8b2a64ae893d55e783cabc046c
SHA1: a85db9123e672d31f6200988f51fbc03b353725a
SHA256: c5193831b8213553f51767e00d377b0ac83dc51811a3d17bdc207599900a8a16
SHA512: 32054f92ac432c18ba69e51c2e9a770abdae4944cd2bdbaa48f19b79849b09fe8faf6ea88a999c63e8dff9a0cc390022cb2d0d4d9b71a7818fc11049d012fa10
SSDEEP: 3072:M7N9Ix/tp8aia5NjgG6AGulANKzq83Noyg0WDe9eXRr4o9KmWm7li:49ub8a7nUoldoyP6Dhr4CKmWAA
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: amadey
Version: 3.50
URL: 31.41.244.17/hfk3vK9/index.php
Targets
Target: file
Size: 206KB
MD5: 0799af8b2a64ae893d55e783cabc046c
SHA1: a85db9123e672d31f6200988f51fbc03b353725a
SHA256: c5193831b8213553f51767e00d377b0ac83dc51811a3d17bdc207599900a8a16
SHA512: 32054f92ac432c18ba69e51c2e9a770abdae4944cd2bdbaa48f19b79849b09fe8faf6ea88a999c63e8dff9a0cc390022cb2d0d4d9b71a7818fc11049d012fa10
SSDEEP: 3072:M7N9Ix/tp8aia5NjgG6AGulANKzq83Noyg0WDe9eXRr4o9KmWm7li:49ub8a7nUoldoyP6Dhr4CKmWAA
Score: 10/10
Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles