General
Target: file.exe
Size: 205KB
Sample: 221126-j4earshb5x
MD5: ed8a5490de2cc2a80a5698aa82b40753
SHA1: a9135808a2fb4924e802f8982958f0503da1bbb2
SHA256: 318b47f1989b789cadc743f4e96502c37e4734a822e12c1777e2a3927894da2b
SHA512: 05f3b82219c8f8f9066b25766acb390cdd46dad6af7fb3dab103ce7a5c15a026b235b31b9ef3b7bb44ac555435a77093ffd40e77dc82f5e8c0b060e67225d7ed
SSDEEP: 6144:xvf3eHWenjvJt2yH7MvceYm+o7WyVfg5cP3EFJYnqD/wHmt:pwWqtbbMvceYm+6WKtP3pW/emt

Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20221111-en)
Malware Config
Extracted
Family: amadey
Version: 3.50
C2: 193.56.146.194/h49vlBP/index.php
Targets
Target: file.exe
Size: 205KB
MD5: ed8a5490de2cc2a80a5698aa82b40753
SHA1: a9135808a2fb4924e802f8982958f0503da1bbb2
SHA256: 318b47f1989b789cadc743f4e96502c37e4734a822e12c1777e2a3927894da2b
SHA512: 05f3b82219c8f8f9066b25766acb390cdd46dad6af7fb3dab103ce7a5c15a026b235b31b9ef3b7bb44ac555435a77093ffd40e77dc82f5e8c0b060e67225d7ed
SSDEEP: 6144:xvf3eHWenjvJt2yH7MvceYm+o7WyVfg5cP3EFJYnqD/wHmt:pwWqtbbMvceYm+6WKtP3pW/emt
Score: 10/10

Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
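The two indicators a responder actually takes away from this report are the file hashes and the extracted Amadey C2. The script below is an added example, not part of the Triage report or of any sandbox tooling: it hashes a file and compares it with the report's MD5/SHA1/SHA256/SHA512, and it scans proxy log lines for requests to the C2. The log format ("timestamp client method url status") and the log lines themselves are constructed for the example; the report's own C2 string has no scheme, so it is split on the first slash into host and path. Any request to the C2 host on a different path is still flagged, because the signatures show the sample downloading a PE file after its first request, and that second stage need not use the panel path.

```python
"""IOC checks derived from the Triage report above (added example, not
report or sandbox code). Hash values and the C2 string are copied from the
report; the proxy log format and lines are constructed for the example."""
import hashlib
import sys
from urllib.parse import urlsplit

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "ed8a5490de2cc2a80a5698aa82b40753",
    "sha1": "a9135808a2fb4924e802f8982958f0503da1bbb2",
    "sha256": "318b47f1989b789cadc743f4e96502c37e4734a822e12c1777e2a3927894da2b",
    "sha512": ("05f3b82219c8f8f9066b25766acb390cdd46dad6af7fb3dab103ce7a5c15a026"
               "b235b31b9ef3b7bb44ac555435a77093ffd40e77dc82f5e8c0b060e67225d7ed"),
}

# C2 exactly as the Malware Config section shows it: host/path, no scheme.
AMADEY_C2 = "193.56.146.194/h49vlBP/index.php"


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify_against_report(data):
    """Compare every digest of `data` with the report; True means a match."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == expected for algo, expected in REPORT_HASHES.items()}


def hash_file(path):
    """Hash a file on disk in 1 MiB chunks so large samples are not read whole."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def split_c2(c2):
    """Split Triage's scheme-less 'host/path' C2 string into (host, path)."""
    host, _, path = c2.partition("/")
    return host.lower(), "/" + path


C2_HOST, C2_PATH = split_c2(AMADEY_C2)


def classify_request(url):
    """Return 'c2-beacon', 'c2-host' or None for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostname drops any :port
    if host != C2_HOST:
        return None
    # Exact panel path is the beacon; any other path on the host is still
    # alert-worthy because the sample also downloads a PE after check-in.
    return "c2-beacon" if parts.path == C2_PATH else "c2-host"


def find_c2_hits(log_text):
    """Scan constructed 'timestamp client method url status' lines for C2 traffic."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the scan
        timestamp, client, method, url, status = fields[:5]
        verdict = classify_request(url)
        if verdict:
            hits.append({"time": timestamp, "client": client, "method": method,
                         "url": url, "status": status, "verdict": verdict})
    return hits


# Constructed proxy log lines for the example (not taken from the report).
SAMPLE_PROXY_LOG = """\
2022-11-26T09:12:01Z 10.0.0.5 GET http://www.msftconnecttest.com/connecttest.txt 200
2022-11-26T09:12:07Z 10.0.0.5 POST http://193.56.146.194/h49vlBP/index.php 200
2022-11-26T09:12:09Z 10.0.0.5 GET http://193.56.146.194/h49vlBP/payload.bin 200
2022-11-26T09:13:40Z 10.0.0.7 GET http://example.com/h49vlBP/index.php 404
"""

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print(hit["verdict"], hit["client"], hit["method"], hit["url"])
    if len(sys.argv) > 1:  # optional: python ioc_check.py <file> compares hashes
        digests = hash_file(sys.argv[1])
        for algo, expected in REPORT_HASHES.items():
            print(algo, "match" if digests[algo] == expected else "differs")
```

Run stand-alone it reports the two C2 hits from the constructed log (the POST beacon and the follow-up download); given a file path it prints, per algorithm, whether that file matches the report. Matching on the bare host rather than the full URL is deliberate: the same panel host can serve a different second-stage path than the one in the extracted config.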