General
- Target: 2f136f4c0f51f34e0bf277a6ec0a2de354a8d9f3c047654ce60334cde4a8a06d
- Size: 318KB
- Sample: 221128-phy1yace76
- MD5: 97c5de24ef62cd58d293f37a730e4ad4
- SHA1: fe8f94ffd5a6822c22ec091d086b46a55dd32e79
- SHA256: 2f136f4c0f51f34e0bf277a6ec0a2de354a8d9f3c047654ce60334cde4a8a06d
- SHA512: 141219e9cb5ee03b9b26b49c0dd692e27f40d51c430507decd03fc51deffe79b96009f4d5cc9707672e27e823cfc61daead94496295628f0c0630ee3bca23d22
- SSDEEP: 6144:/hY/a2/VvrlM8QNt9kko02+ZQg79WiLoUkHhSfbr5w:/+/3/RrlWNgkhxNLoBH0fbr
Static task: static1
Behavioral task: behavioral1
- Sample: 2f136f4c0f51f34e0bf277a6ec0a2de354a8d9f3c047654ce60334cde4a8a06d.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Family: amadey
- Version: 3.50
- C2: 31.41.244.17/hfk3vK9/index.php
Targets
- Target: 2f136f4c0f51f34e0bf277a6ec0a2de354a8d9f3c047654ce60334cde4a8a06d
- Size: 318KB
- MD5: 97c5de24ef62cd58d293f37a730e4ad4
- SHA1: fe8f94ffd5a6822c22ec091d086b46a55dd32e79
- SHA256: 2f136f4c0f51f34e0bf277a6ec0a2de354a8d9f3c047654ce60334cde4a8a06d
- SHA512: 141219e9cb5ee03b9b26b49c0dd692e27f40d51c430507decd03fc51deffe79b96009f4d5cc9707672e27e823cfc61daead94496295628f0c0630ee3bca23d22
- SSDEEP: 6144:/hY/a2/VvrlM8QNt9kko02+ZQg79WiLoUkHhSfbr5w:/+/3/RrlWNgkhxNLoBH0fbr
Score: 10/10
Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles