General
Target: file
Size: 208KB
Sample: 221127-nyc8qsec58
MD5: 3e21f9049be03c7dd0bb1d9b18f38e89
SHA1: e66aecadddce4cfd1188fbef5c46345dd9216604
SHA256: 15a925076bfe22876522e2042abc851c01a70ec4eff001caf63241f68a87c5f1
SHA512: bf1b6dcc9d783e3e67e0f33ea67dbb8d33a8544b9ee813eb27b2ef3902c3644e11c590c31db7ed29baa1ac8278f5ef21bcdab93ecf26d0b9ec653c0c7b734f47
SSDEEP: 3072:+PdWwqAPIilDvJOXW5QUuk6fPL3o8xmmX0RCNdkjwx3PxFJV9qcZFI6NP:0+cbJODeshxl08DRxfxFRhZFnt
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted:
- Family: amadey
- Version: 3.50
- C2: 31.41.244.17/hfk3vK9/index.php
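The extracted C2 is a scheme-less host/path string, which is the form most sandboxes emit and the form a blocklist wants split apart. The script below is an added example (it is not code from the report, the sandbox, or the Amadey family) that turns that string into host and path indicators and sweeps proxy log lines for them, distinguishing a hit on the exact C2 URL from a hit on the C2 host with a different path. The log lines are constructed for this example in a Squid-style native access-log layout; the http scheme is assumed only so that the standard URL parser can split the string, and nothing about the Amadey beacon format beyond the URL on this page is asserted.

```python
"""Added example: derive indicators from the C2 extracted by the sandbox and
sweep constructed proxy logs for them. Not part of the report or of Amadey."""
import ipaddress
import re
from urllib.parse import urlsplit

# C2 exactly as extracted by the report (host/path, no scheme).
C2 = "31.41.244.17/hfk3vK9/index.php"

URL_RE = re.compile(r"https?://\S+")


def c2_indicators(c2: str) -> dict:
    """Split a scheme-less C2 string into host and path.

    The report gives no scheme, so "http://" is prefixed purely for parsing
    (assumption for this example). is_ip tells the analyst whether a DNS
    indicator exists at all or whether only a network-layer block applies.
    """
    parts = urlsplit("http://" + c2)
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return {"host": host, "path": parts.path, "is_ip": is_ip}


# Constructed proxy log lines (Squid native access-log style, made up here):
# the second line is a benign index.php, the fourth is a neighbouring IP.
SAMPLE_LOG = """\
1669500001.123 45 10.0.0.12 TCP_MISS/200 512 POST http://31.41.244.17/hfk3vK9/index.php - HIER_DIRECT/31.41.244.17 text/html
1669500002.456 12 10.0.0.15 TCP_HIT/200 2048 GET http://example.org/index.php - HIER_DIRECT/93.184.216.34 text/html
1669500003.789 33 10.0.0.12 TCP_MISS/200 220160 GET http://31.41.244.17/hfk3vK9/update.exe - HIER_DIRECT/31.41.244.17 application/octet-stream
1669500004.000 10 10.0.0.20 TCP_MISS/404 300 GET http://31.41.244.18/hfk3vK9/index.php - HIER_DIRECT/31.41.244.18 text/html
"""


def sweep_log(log: str, c2: str) -> list:
    """Return (line_number, kind, url) for every line whose URL host equals
    the C2 host. kind is "c2_url" for the exact beacon URL and "c2_host" for
    any other path on that host, since follow-on downloads from the same
    server are just as interesting as the beacon itself."""
    ioc = c2_indicators(c2)
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        m = URL_RE.search(line)
        if not m:
            continue
        u = urlsplit(m.group(0))
        if u.hostname != ioc["host"]:
            continue
        kind = "c2_url" if u.path == ioc["path"] else "c2_host"
        hits.append((n, kind, m.group(0)))
    return hits


if __name__ == "__main__":
    for n, kind, url in sweep_log(SAMPLE_LOG, C2):
        print(f"line {n}: {kind} {url}")
```

Matching on the host rather than the full URL is deliberate: the C2 here is a bare IP, so there is no domain indicator, and any request to that address from inside the network deserves a look whether or not the path is index.php.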
Targets
Target: file
Score: 10/10
Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
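Two of the items above lend themselves to a check that runs outside the sandbox: "Downloads MZ/PE file" fires when a response body is an executable regardless of the Content-Type the server declared, and the hashes listed under General are the indicators for the sample itself. The script below is an added example, not code from the report or its sandbox: it tests a byte buffer for a well-formed MZ/PE header pair (a bounds-checked e_lfanew pointing at the PE signature, so a stray "MZ" in text does not count), hashes the buffer, and compares the digests with the report's MD5/SHA1/SHA256. The three input buffers are constructed for the example and are not the real sample, so the hash comparison is expected to fail on them.

```python
"""Added example: classify an HTTP response body as a PE download and compare
its digests with the hashes published in the report. Not the report's code."""
import hashlib
import struct

# Digests of the sample as listed in the report's General section.
REPORT_HASHES = {
    "md5": "3e21f9049be03c7dd0bb1d9b18f38e89",
    "sha1": "e66aecadddce4cfd1188fbef5c46345dd9216604",
    "sha256": "15a925076bfe22876522e2042abc851c01a70ec4eff001caf63241f68a87c5f1",
}


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ DOS header whose e_lfanew (offset 0x3C)
    points at a "PE\\0\\0" signature that lies inside the buffer.
    Only the two headers are inspected; section tables are not parsed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def hash_bytes(data: bytes) -> dict:
    """Hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """All listed digests must agree; a single-hash match would identify the
    sample too, but checking every one the report gives costs nothing."""
    return hash_bytes(data) == REPORT_HASHES


def classify_response(body: bytes) -> str:
    """Label a response body by content, not by Content-Type, which the
    serving host controls. Returns "pe-download (known sample)",
    "pe-download" or "other"."""
    if looks_like_pe(body):
        return "pe-download (known sample)" if matches_report(body) else "pe-download"
    return "other"


# Constructed inputs (not the real sample):
# 1. a minimal MZ header whose e_lfanew = 0x40 points at a PE signature,
# 2. an MZ header whose e_lfanew points far past the end of the buffer,
# 3. an HTML body, which must never be called a PE.
_stub = bytearray(b"MZ" + b"\0" * 0x3E)
struct.pack_into("<I", _stub, 0x3C, 0x40)
PE_STUB = bytes(_stub) + b"PE\0\0" + b"\0" * 20

_broken = bytearray(b"MZ" + b"\0" * 0x3E)
struct.pack_into("<I", _broken, 0x3C, 0x10000)
BROKEN_MZ = bytes(_broken)

HTML_BODY = b"<html><body>MZ is just text here</body></html>"


if __name__ == "__main__":
    for label, body in (("stub", PE_STUB), ("broken", BROKEN_MZ), ("html", HTML_BODY)):
        print(label, classify_response(body), hash_bytes(body)["sha256"][:16])
```

The bounds check on e_lfanew matters for a detector fed arbitrary response bodies: a truncated download or a crafted header can point the offset anywhere, and slicing without the check either misses the signature silently or raises on a short buffer. Run against a real capture, the "known sample" branch is what ties a download back to this report's hashes.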