General
-
Target
47b8bd1c1c84fe394d7928db10e73412bc8fb0c5b6c8ed300fffa0734c1ececf
-
Size
204KB
-
Sample
221129-khn4hsff4x
-
MD5
32f096faa72cb8466f9c84a543874f47
-
SHA1
966cd93218feec921105176a522e556764ff4c48
-
SHA256
47b8bd1c1c84fe394d7928db10e73412bc8fb0c5b6c8ed300fffa0734c1ececf
-
SHA512
179ab29e2676f593f94ed6906518dad9e5deabd0c0ebc770b938e6b882aac7ab29af5214eef63db8978e6fcba9c27335449428522532aa404d19f71858e0eacd
-
SSDEEP
3072:wpgnyoh95STD9XedDdMdjsBKzFbb/miz8v3L6x6i1lIqYelQvJ:6gf5ijxzFWiwvGtIq1U
Static task
static1
Behavioral task
behavioral1
Sample
47b8bd1c1c84fe394d7928db10e73412bc8fb0c5b6c8ed300fffa0734c1ececf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
-
-
Target
47b8bd1c1c84fe394d7928db10e73412bc8fb0c5b6c8ed300fffa0734c1ececf
-
Score
10/10
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-