General
Target: da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
Size: 279KB
Sample: 221128-j1l67sgg75
MD5: b5a829fed3f455e078934b8edfd5d15c
SHA1: 18917ab16f87217583afd10f35c52952e71e3ae8
SHA256: da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
SHA512: f2678c558869ed02daf08545ac96b9677644adb1e38bc94d5911888cf95cfc2ee23ecc99978048b6e6d12b6572d69a93d211166facc6d73ee9868b2d6650da3d
SSDEEP: 3072:g+zlhYNSOlT3wB5JfeFsqBxVc3+mfQYcO1PwhZUX2V0bHhSfbrC+UBkZb1:nnYUOd3w5eFsOcFQ3UXUkHhSfbr5
Static task: static1
Behavioral task: behavioral1
Sample: da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: amadey
Version: 3.50
C2: 77.73.134.65/o7VsjdSa2f/index.php
Targets
Target: da8e4ab45ade20fd3e120f3f0ded8986e15d7c5a2a1f381a57dc1126f31e9a04
Signatures
- Detect Amadey credential stealer module
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2