General
-
Target
67e2e3605b82d29cc4856069f8dd515c09a6453f19ecb65a11ce523ce69e9f11
-
Size
205KB
-
Sample
221129-nvanfahg3x
-
MD5
853abde2b3839825bfc727f7903e723f
-
SHA1
bdc026580ba67dd81de776765f75a41b9b7f5f70
-
SHA256
67e2e3605b82d29cc4856069f8dd515c09a6453f19ecb65a11ce523ce69e9f11
-
SHA512
e0f4f4defc2dbd36b46969d4dd71b84a0242c4545c6bc84e41d36cd03e3ad898be7c9d3c63e7e587b40562ebff168bcfe9cacd9151385dce57c6c303f2851ee2
-
SSDEEP
3072:PTl5Gju4/5qQHG+s4EFneJykOLR6zKuk+bSmU2nSEwR7:bf+ujQtk6ykOt6mX+WmYEwR
Static task
static1
Behavioral task
behavioral1
Sample
67e2e3605b82d29cc4856069f8dd515c09a6453f19ecb65a11ce523ce69e9f11.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
amadey
3.50
31.41.244.17/hfk3vK9/index.php
Targets
-
-
Target
67e2e3605b82d29cc4856069f8dd515c09a6453f19ecb65a11ce523ce69e9f11
-
Score
10/10
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-