General
-
Target
8a75eb40f565ba16ea141ad0473315253ac17c6368ce59506ff6532f219181d1
-
Size
163KB
-
Sample
221129-2ngeashe4t
-
MD5
a40ee335a13fa9076d2d970c142717d3
-
SHA1
ac7326d0da61b19b11be1a29a7fb830402e86f76
-
SHA256
e0a1337f0d535c179e155e034c9fa772c55001d47ae6caab14c16a63b806531c
-
SHA512
f73184c119d17c89ef3189c60f6be103f61b24e8971974c81e3678a12f9f61be3c4490703160dd053f1a2a8bf3697431ba5934bf0481e892d61bf6ba6ecaee99
-
SSDEEP
3072:MdpI6LWMmXf3/nkNIxzGTPdCasbPOP/KbXcz3qQPCRU:MAP3/nkNItBas7OHOS35AU
Static task
static1
Behavioral task
behavioral1
Sample
8a75eb40f565ba16ea141ad0473315253ac17c6368ce59506ff6532f219181d1.exe
Resource
win7-20220812-en
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
-
-
Target
8a75eb40f565ba16ea141ad0473315253ac17c6368ce59506ff6532f219181d1
-
Size
206KB
-
MD5
fa88feb7e83019914c5bc21121a3dca5
-
SHA1
d28d4f68b6d7d91063cae67f5cb950e0bf2bb085
-
SHA256
8a75eb40f565ba16ea141ad0473315253ac17c6368ce59506ff6532f219181d1
-
SHA512
d2925f553cd10be8e185d53fb7490467594d5552fc3ed3ad2eaf5fa9069dd95b3d2de34ce17dbc541c545a0d0aca694c1b31b9a3ac60ab60bc27f838504d7191
-
SSDEEP
3072:FQ2RgCKWIEFKWv5gv7kNIxzGTPBCasbPOP/9BD2sbgnjd5:nWCKWIEgD7kNItjaszOH9M7j
Score10/10-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-