General
Target: b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
Size: 205KB
Sample: 221126-l2ngrsca9y
MD5: e9f6fccda69077cfc6d220e0f665264c
SHA1: 87be46433353c2f746df5f84f14fd21bcd50e55b
SHA256: b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87
SHA512: fdf1860fb1061d5ea7f0f742c80b74d2c066bf4602dae1372455f8beb556cda28d049ce82ec3f1569e30f72593647ad8ecf27d2526ff98e16c054433496a18a3
SSDEEP: 6144:tGmdsSOfjmUFT5w2AgPXELw9oYBAHa5Xhal:EGOfjm6dZEw9oYBAHaOl
Static task: static1
Behavioral task: behavioral1
Sample: b71c27f07c3367ed0733d3bfc17eec9d101a955cf1f8af003ed8977584778d87.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: amadey
Version: 3.50
C2: 193.56.146.194/h49vlBP/index.php
Targets
Score: 10/10
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles