General

Target: e22b8a98049d7b829f95f2e50682d5b1.exe
Size: 279KB
Sample: 221128-ja8yaabc2s
MD5: e22b8a98049d7b829f95f2e50682d5b1
SHA1: 11e2abb1d17d91c870fbf7c79473214dc9140e23
SHA256: 572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4
SHA512: b3de7056ac5296039c1032c9427dd0d10db5cafd2adfff7918e4f98e9ffc61548414755ba4325a6eb9fc43cded0994da52a5842232e65f3697c9416e085757f8
SSDEEP: 6144:lAuinvG8S/i0Pr7O4aUopaYaUkHhSfbr5:lVivGr/i0PreEBH0fbr
Static task: static1

Behavioral task: behavioral1
  Sample: e22b8a98049d7b829f95f2e50682d5b1.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: e22b8a98049d7b829f95f2e50682d5b1.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: amadey
Version: 3.50
C2: 77.73.134.65/o7VsjdSa2f/index.php
Targets

Target: e22b8a98049d7b829f95f2e50682d5b1.exe
Size: 279KB
MD5: e22b8a98049d7b829f95f2e50682d5b1
SHA1: 11e2abb1d17d91c870fbf7c79473214dc9140e23
SHA256: 572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4
SHA512: b3de7056ac5296039c1032c9427dd0d10db5cafd2adfff7918e4f98e9ffc61548414755ba4325a6eb9fc43cded0994da52a5842232e65f3697c9416e085757f8
SSDEEP: 6144:lAuinvG8S/i0Pr7O4aUopaYaUkHhSfbr5:lVivGr/i0PreEBH0fbr

- Detect Amadey credential stealer module
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2