General
Target: New_Main_pass1234_v23_gac.rar
Size: 5.0MB
Sample: 221128-v16fmagb9v
MD5: 143d3cebea06e494dac28857dea4fa2a
SHA1: 4c79f7f6fda0121ded81aa781c7a8dd01b90e070
SHA256: a3498b747c3f247311107504bfbf40f6df4823b3b387aeba6b23053a435d2757
SHA512: b718d122074e28b5de322929898b6884c0299c2b5b721894d065a73ce2f7e08af5304a3ccdd7c064153746c3a66e38017e87231479cd3b09ec114a90b6ef2d2e
SSDEEP: 98304:eQeK2XihH8lv/YqtqP2Hr/LtHgF6fVnjD96SjNcH39E0KIgAFOmnMVG:eQL5gYqtqP2Hr/LtHgF6Nj57J+3urmM0
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220812-en
Malware Config
Extracted: vidar
55.9
1707
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
profile_id: 1707

Extracted: amadey
3.50
77.73.134.66/o7Vsjd3a2f/index.php
Targets
Target: Setup.exe
Size: 401.8MB
MD5: e3fdd26f425aa1c0301ae798b98ed228
SHA1: 6bd049d2e8cc0c9941b1dcd77220e2ab52f3d5d0
SHA256: 1d0e79992d80178e475124f2c13fb462979e5322f73e61a35d428d11b1d17796
SHA512: 265c6f714aa2a9393ae260edfa45e4bdfadca6995c462f2ef935073fcf14466613a64e7bfda8f2f7df0406f1e585bf404f3b63b122c54207b367ee3ecf728e84
SSDEEP: 98304:cEjqxnA7VSTpjBXBYSeGs1TjtLbLvYp1J01ZQ:1+xn4STFBxYJ9Vi01C
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.