General
Target: 892ddfd31755f18251851cc83f25f944d4ff2420cc8b04972d2bce373a6eab2d
Size: 205KB
Sample: 221129-wf2glsef8t
MD5: cbda3b1c7918e3352dc9d2a3f920220c
SHA1: 3c5d025b3ef6e36e4412d058f5cbae5d6ace1e4d
SHA256: 892ddfd31755f18251851cc83f25f944d4ff2420cc8b04972d2bce373a6eab2d
SHA512: 714c7d263314f5cc389634b0d195c43add8c7d97fd6074be128ae1befbfb53a20a6ba3262526cd2f2104f7b40370bca2c4f6b2b4825e0a7d60cbf5daf0fba523
SSDEEP: 6144:p9MaQGzJwb+j5cpuaHPOnk7fBXh2rkLYJ3:pmijwHPxqm8
Static task: static1
Behavioral task: behavioral1
Sample: 892ddfd31755f18251851cc83f25f944d4ff2420cc8b04972d2bce373a6eab2d.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: amadey
Version: 3.50
C2: 31.41.244.17/hfk3vK9/index.php
Targets
Target: 892ddfd31755f18251851cc83f25f944d4ff2420cc8b04972d2bce373a6eab2d
Score: 10/10
Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles