General
- Target: file.exe
- Size: 204KB
- Sample: 221129-24h8tsba5v
- MD5: efbdd62a08b28e63464f97d0600eaef8
- SHA1: ee2037450f52a6095cd4365b0035072ee52bd7c2
- SHA256: 3c96f5e66f70af3b7340f1d26163a6f299f6e48e53915f3e5a2d0d8402c15b15
- SHA512: 31c0a4e522865bc0aa653acf25c83c82a997c1dfe04e1d9b0398857b4b26d4c83f5790773663dd4980f8bd807e88273d3cd23258d1fb1cb60ba51ff3a7514c77
- SSDEEP: 3072:VDiatiyRJG2AUp508sUPHK5dsLIZ7WDvACjOm35PiYj+ZH1CagcZPakhYG/1qOl+:Y2i0G2P6SACD35PTjoCago9713+
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: amadey
Version: 3.50
193.56.146.194/h49vlBP/index.php
Targets
- Target: file.exe
- Size: 204KB
Score: 10/10
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles