General
Target: cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
Size: 207KB
Sample: 221126-v3fmzsee8y
MD5: b8163409efad572bc7627feafd46452d
SHA1: 882f5b58827cc7cb4faef3eb590728cd9764829d
SHA256: cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366
SHA512: 774c0797a5f5e0c18cb38ecf8a26ba17c2a0ee0a93de7f56a4ea37f65a31cb09a999e5138dcebaaca74e029df848feefeff8b7f12d863cb2245c858ce299ed93
SSDEEP: 3072:l5r5+ytc5m5Xqu8oSvXXomdtT7Voia060vQhS+ac1oivqxtExB:b57cOovXXoUtSi9ES+aceiyxG
Static task: static1
Behavioral task: behavioral1
Sample: cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
Score: 10/10
Detect Amadey credential stealer module
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles