General
Target: file
Size: 206KB
Sample: 221127-flam3sef9s
MD5: 78609ed44ce80c66d96f0ba5a7177752
SHA1: 5be06e181b8634514613eae5471d4ad1209a93a8
SHA256: 38e111156ce0c6edfb44fb3b98376d4dca5a6825c6102c8d54584322c9dff92b
SHA512: c72a1f203ef84f72ba740678f9defb055726d8734721d0838685589f0837c36eef30192bd4d681d8593ecee9616a8e4266bed053a4fffc23f6ef7b16101d6fd5
SSDEEP: 3072:850sx/vFth9B5NU0Q9kpG3dWjMEBSi5oTEgOgLhpiBNpU1L3d8WB2Lw9:xuDhc2pgWjMwSLYgOg1pqPK352Lw
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: amadey
Version: 3.50
C2: 31.41.244.17/hfk3vK9/index.php
Targets
Target: file
Size: 206KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Score: 10/10
Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
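The signature list above names behaviours without showing what a detection for them looks like. The following is an added example, not part of the Triage report or the Amadey sample: a small Python detector that replays constructed, Sysmon-like registry and network events and flags the geofence lookup of the configured country code, the Outlook profile access, and a request to the extracted C2 URL. The registry paths used (the `Nation` value under `Control Panel\International\Geo`, and the Outlook `Profiles` keys) are the standard Windows locations and are an assumption of this example, not something the report states; the event records are constructed for illustration.

```python
"""Added example: flag the Amadey behaviours named in the report's signatures
over constructed registry/network events. Not code from the sample or Triage."""
import re
from dataclasses import dataclass

# C2 taken from the extracted Amadey 3.50 config on the page.
AMADEY_C2 = "31.41.244.17/hfk3vK9/index.php"

# Assumed standard Windows locations (not stated in the report):
# the user's country setting lives in the "Nation" value of this key ...
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
# ... and Outlook profiles under either the per-version Office key or the
# legacy Windows Messaging Subsystem key.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\(Office\\\d+\.\d\\Outlook|Windows Messaging Subsystem)\\Profiles(\\|$)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Event:
    kind: str            # "registry" or "network"
    process: str         # image name of the acting process
    target: str          # registry key path, or request URL
    value: str = ""      # registry value name queried, if any


@dataclass(frozen=True)
class Hit:
    signature: str
    process: str
    target: str


def normalize_url(url: str) -> str:
    """Drop scheme and trailing slash so 'http://h/p/' and 'h/p' compare equal."""
    return re.sub(r"^[a-z]+://", "", url.strip(), flags=re.IGNORECASE).rstrip("/")


def classify(ev: Event) -> list[Hit]:
    """Return every signature a single event matches (possibly none)."""
    hits: list[Hit] = []
    if ev.kind == "registry":
        # Geofence check: only a read of the "Nation" value is interesting;
        # other values under the Geo key are not the country code.
        if GEO_KEY_RE.search(ev.target) and ev.value.lower() == "nation":
            hits.append(Hit("Checks computer location settings", ev.process, ev.target))
        if OUTLOOK_PROFILE_RE.search(ev.target):
            hits.append(Hit("Accesses Microsoft Outlook profiles", ev.process, ev.target))
    elif ev.kind == "network":
        if normalize_url(ev.target) == AMADEY_C2:
            hits.append(Hit("Amadey C2 request", ev.process, ev.target))
    return hits


def scan(events) -> list[Hit]:
    """Run classify() over an event stream, preserving event order."""
    return [hit for ev in events for hit in classify(ev)]


# Constructed events for the demo; the benign ones act as negative controls.
SAMPLE_EVENTS = [
    Event("registry", "file.exe", r"HKCU\Control Panel\International\Geo", "Nation"),
    Event("registry", "file.exe",
          r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("registry", "explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event("network", "file.exe", "http://31.41.244.17/hfk3vK9/index.php"),
    Event("network", "chrome.exe", "https://www.example.com/"),
    # Same key as the geofence read but a different value: must not fire.
    Event("registry", "file.exe", r"HKCU\Control Panel\International\Geo", "Name"),
]


def demo() -> list[Hit]:
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit.signature:40s} {hit.process:12s} {hit.target}")
```

The match on the C2 is exact on purpose: the IP-plus-`index.php` shape is common to many Amadey panels, but widening it to a pattern is a tuning decision that belongs in your own ruleset, not in an example tied to one sample.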