General
Target: 3f231a0d8f001876234b9b01a62a686ba91423333782a171c039330780370846
Size: 204KB
Sample: 221129-1al7yshd77
MD5: 2252b3ed40223767749687889a1e2aaf
SHA1: 0625c9ac6e80307a32a77d60fd8ba854e3c17528
SHA256: 3f231a0d8f001876234b9b01a62a686ba91423333782a171c039330780370846
SHA512: e1af0cccdefd83eb137c4d750159682863432880f539b55fedc842bb5c82a78f8eb3707e2aa0a9cf357f020454a5dcfba5c49742d163e5d587428335dfc21833
SSDEEP: 3072:9DIpd9plLk92ZUp5b6eJCWdJPbquzERfVtqC/EE8Indj25+PH3IqU2wIjiO:S97I92lEOuzEJAIndj25U3LR
Static task: static1
Behavioral task: behavioral1
Sample: 3f231a0d8f001876234b9b01a62a686ba91423333782a171c039330780370846.exe
Resource: win10v2004-20220901-en

Malware Config
Extracted: amadey
Version: 3.50
C2: 31.41.244.17/hfk3vK9/index.php
Targets
Target: 3f231a0d8f001876234b9b01a62a686ba91423333782a171c039330780370846
Size: 204KB
MD5: 2252b3ed40223767749687889a1e2aaf
SHA1: 0625c9ac6e80307a32a77d60fd8ba854e3c17528
SHA256: 3f231a0d8f001876234b9b01a62a686ba91423333782a171c039330780370846
SHA512: e1af0cccdefd83eb137c4d750159682863432880f539b55fedc842bb5c82a78f8eb3707e2aa0a9cf357f020454a5dcfba5c49742d163e5d587428335dfc21833
SSDEEP: 3072:9DIpd9plLk92ZUp5b6eJCWdJPbquzERfVtqC/EE8Indj25+PH3IqU2wIjiO:S97I92lEOuzEJAIndj25U3LR
Score: 10/10

Signatures
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles