General

Target: gntuud
Size: 205KB
Sample: 221129-jsyj9sae22
MD5: df4ae24bf3bc8e1b0fd89b7949add438
SHA1: 3494a2a5c9233875650f0861d5f0dc6e8ee1389d
SHA256: 1ef75f987d674da89d8daaab429be2caa53cdc538d638c5e9c1bfd749b776811
SHA512: 8f3a169706e767bde0c65993053e7c4e0ee27e9d75051026453f11e823bbf8cabccde04f7afa9b7d2fc4431bf446d874c7296e4c6174a8a9bf696fe4035c4295
SSDEEP: 3072:Xi7WxxM2+r95+Ten0qzG5HSzSVoky2MYKJwGVeBMIvk7xRtwJcefLg+mZLYEP2/Q:S7U+Nn0hHSOKrYKX4vkTqcEM5C/
Static task: static1
Behavioral task: behavioral1
Sample: gntuud.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: amadey
Version: 3.50
C2: 77.73.134.66/o7Vsjd3a2f/index.php
Targets

Target: gntuud
Score: 10/10

Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
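The indicators in this report (the three file hashes and the extracted Amadey 3.50 C2 URL) are enough to write a small sweep against proxy logs and file hashes. The script below is an added example, not part of the sandbox report or of the malware; the proxy-log format and the log lines are constructed, the `http://` scheme on the C2 URL is assumed (the report lists only host and path), and the byte string passed to `hash_matches` is a placeholder rather than the real sample.

```python
"""IOC sweep built from this report's indicators.

Added example; it is not part of the sandbox report or of the Amadey
malware itself. It takes the file hashes and the extracted C2 URL listed
above and checks them against a few constructed proxy-log lines and a
constructed file blob. The log-line format is hypothetical.
"""
import hashlib
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "df4ae24bf3bc8e1b0fd89b7949add438",
    "sha1": "3494a2a5c9233875650f0861d5f0dc6e8ee1389d",
    "sha256": "1ef75f987d674da89d8daaab429be2caa53cdc538d638c5e9c1bfd749b776811",
}
# The report gives host/path only; plain http is assumed here.
C2_URL = "http://77.73.134.66/o7Vsjd3a2f/index.php"
C2_HOST = urlsplit(C2_URL).hostname
C2_PATH = urlsplit(C2_URL).path

# Constructed proxy log (hypothetical format): "<timestamp> <client> <method> <url> <status>".
PROXY_LOG = """\
2022-11-29T10:12:01Z 10.0.0.15 POST http://77.73.134.66/o7Vsjd3a2f/index.php 200
2022-11-29T10:12:05Z 10.0.0.15 GET http://77.73.134.66/o7Vsjd3a2f/payload.bin 200
2022-11-29T10:13:40Z 10.0.0.22 GET https://www.example.com/ 200
2022-11-29T10:14:02Z 10.0.0.31 POST http://77.73.134.66:8080/o7Vsjd3a2f/index.php 200
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_url(url: str) -> Optional[str]:
    """Match a URL against the C2 indicator.

    Host comparison uses urlsplit().hostname, so a non-default port still
    matches; path comparison is exact so the index.php check-in endpoint is
    distinguished from other requests to the same server.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    if parts.path == C2_PATH:
        return "amadey_c2_checkin"
    return "amadey_c2_host"


def sweep_proxy_log(log_text: str) -> List[Dict[str, str]]:
    """Return one hit per log line that talks to the C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        verdict = classify_url(m["url"])
        if verdict is not None:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "url": m["url"], "verdict": verdict})
    return hits


def affected_clients(hits: List[Dict[str, str]]) -> Dict[str, str]:
    """Earliest C2 contact per client, which is the scoping question in IR."""
    first: Dict[str, str] = {}
    for h in hits:
        first.setdefault(h["client"], h["ts"])
    return first


def hash_matches(data: bytes) -> List[str]:
    """Algorithms under which `data` hashes to the report's sample."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [algo for algo, d in digests.items() if d == SAMPLE_HASHES[algo]]


if __name__ == "__main__":
    hits = sweep_proxy_log(PROXY_LOG)
    for hit in hits:
        print(hit)
    print(affected_clients(hits))
    # Constructed stand-in bytes; not the real sample, so no hash matches.
    print(hash_matches(b"MZ placeholder, not the real sample"))
```

Matching on `hostname` rather than the raw URL string is deliberate: the sample's config names the host and path, and a variant that moves to another port should still be caught, while the exact path comparison separates the check-in from other traffic to the same server. Hash matching is only useful for the exact file; the SSDEEP value in the report is what you would use to catch repacked variants.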