General
-
Target
a738a8b6ba54a5ce95e936b963ed8ca8faff681a19f9d7411bf983705ce86646
-
Size
146KB
-
Sample
221129-kcyqrsfc2t
-
MD5
79c6bd3770029995e98f4b8816008485
-
SHA1
4cab178f8bb093ad98c482616600195c6e256aee
-
SHA256
a738a8b6ba54a5ce95e936b963ed8ca8faff681a19f9d7411bf983705ce86646
-
SHA512
34ec52ee5d7c58b24e48318c2eedb4c15e422bcf45abe1b04a3cc56adb67feca040b0ee563c725f288ea4d2afdae5dfd1f1e966bc448ddea3a6513695dbf3100
-
SSDEEP
3072:uO5Cpqg/vU95Mh+09DjIIzhoJ1C6DoMPP:15CoIvPzyJrH
Static task
static1
Behavioral task
behavioral1
Sample
a738a8b6ba54a5ce95e936b963ed8ca8faff681a19f9d7411bf983705ce86646.exe
Resource
win10-20220812-en
Malware Config
Extracted
amadey
3.50
62.204.41.252/nB8cWack3/index.php
Targets
-
-
Target
a738a8b6ba54a5ce95e936b963ed8ca8faff681a19f9d7411bf983705ce86646
-
Size
146KB
-
MD5
79c6bd3770029995e98f4b8816008485
-
SHA1
4cab178f8bb093ad98c482616600195c6e256aee
-
SHA256
a738a8b6ba54a5ce95e936b963ed8ca8faff681a19f9d7411bf983705ce86646
-
SHA512
34ec52ee5d7c58b24e48318c2eedb4c15e422bcf45abe1b04a3cc56adb67feca040b0ee563c725f288ea4d2afdae5dfd1f1e966bc448ddea3a6513695dbf3100
-
SSDEEP
3072:uO5Cpqg/vU95Mh+09DjIIzhoJ1C6DoMPP:15CoIvPzyJrH
-
Detect Amadey credential stealer module
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-