General

Target: de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851
Size: 205KB
Sample: 221126-qpf95sfe84
MD5: a41c18de2ac73f9531145a21e7922806
SHA1: 22bce53c7d2a3e79c74fdf5d5c7f0bcfe94f7290
SHA256: de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851
SHA512: 7317a4d186b9d5b9582ab2d16da5bee797f5d3ddc0b4cf1d5345472a6587dc01e5f2d640ad2d808ecfe0b96414c93406c58069f6bf977e846019e38c51cacf61
SSDEEP: 3072:3UiBC7Qmn5VHL4UHqcnvBfMti4fjWZO8g84nWiFXnlSFqJu4GcmTd7MlkKx:NY7Q4L4kqyoQgiiFXn3GxoZ

Static task: static1

Behavioral task: behavioral1
Sample: de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851.exe
Resource: win10v2004-20220901-en

Malware Config

Extracted family: amadey
Version: 3.50
C2: 193.56.146.194/h49vlBP/index.php

Targets

Target: de36a1d9dd93864cc3d5303943866035a58a1871cba42534c4182da145a79851 (hashes and size as listed under General above)
Score: 10/10

Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles