General
Target: d78bd42f2163d4f1558ddd194c3d21bf88347ad352d212076148805b8ae5e3cf
Size: 206KB
Sample: 221126-1jkqgsba5w
MD5: 95389597337f305453c1fc8e26ca6f67
SHA1: 4aff389ca70f4c03764e556972469f9a5a1cbd6d
SHA256: d78bd42f2163d4f1558ddd194c3d21bf88347ad352d212076148805b8ae5e3cf
SHA512: e7118f2710bc1ebbaffe7c16645d60bc4a6ab688ba452270fb5b213fd69108efd1c967f96063c31c8564c0da66a3c7c5f0837f879a780ab0cf4d59275ce74ed1
SSDEEP: 3072:LwPP0KE0klNia5pmpOVDF26BuQ9fcPu5VxZAqIerF9L3sg6nRR979O:us7lNCpuDBJcPujAqbPzeRj9O
Static task: static1
Behavioral task: behavioral1
Sample: d78bd42f2163d4f1558ddd194c3d21bf88347ad352d212076148805b8ae5e3cf.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: amadey
Version: 3.50
C2: 193.56.146.194/h49vlBP/index.php
Targets
Target: d78bd42f2163d4f1558ddd194c3d21bf88347ad352d212076148805b8ae5e3cf
Size: 206KB
MD5: 95389597337f305453c1fc8e26ca6f67
SHA1: 4aff389ca70f4c03764e556972469f9a5a1cbd6d
SHA256: d78bd42f2163d4f1558ddd194c3d21bf88347ad352d212076148805b8ae5e3cf
SHA512: e7118f2710bc1ebbaffe7c16645d60bc4a6ab688ba452270fb5b213fd69108efd1c967f96063c31c8564c0da66a3c7c5f0837f879a780ab0cf4d59275ce74ed1
SSDEEP: 3072:LwPP0KE0klNia5pmpOVDF26BuQ9fcPu5VxZAqIerF9L3sg6nRR979O:us7lNCpuDBJcPujAqbPzeRj9O
Score: 10/10
Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles