General
-
Target
6be07a7a32ba150b354d213e8ae5a1b220aed9acf248b14a7162625044cc1a11
-
Size
205KB
-
Sample
221126-lghqsagd32
-
MD5
5455affcb52b4514c942a98346977925
-
SHA1
f8856c07da848de7ff125af830d47d3c13d1396b
-
SHA256
6be07a7a32ba150b354d213e8ae5a1b220aed9acf248b14a7162625044cc1a11
-
SHA512
6887bdd61a2e79ffafd03085afae71a6e84ac9dde4010a37d51d78137d4f7cb44e9ae74dd0bab68a177d107571666a163ec622087e77d2ef12e6064190bda255
-
SSDEEP
3072:DNPhIWKYF8F5kSU0MFbrNUAzdJwhv34uhhP7ywAr1LBlX03h1Yx455u0HfwU:4WKYMUtbRUAx834aDRABjX03hYO3w
Static task
static1
Behavioral task
behavioral1
Sample
6be07a7a32ba150b354d213e8ae5a1b220aed9acf248b14a7162625044cc1a11.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
Target
6be07a7a32ba150b354d213e8ae5a1b220aed9acf248b14a7162625044cc1a11
-
Score
10/10
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-