General
Target: cd43e9d66012e647b996612fead334128c33bf4f80a5d9b18782bd0be8c3750e
Size: 204KB
Sample: 221129-y5vrgach48
MD5: f88af6c3f17c84755e7cc532d03c8334
SHA1: 63810d608f61c3c650ec97a00d39a13fb4faf42d
SHA256: cd43e9d66012e647b996612fead334128c33bf4f80a5d9b18782bd0be8c3750e
SHA512: 4f385bca853886ae6cd6a562930f87abfd30d11c770d4899bb4e6d7d3ea5cab117f1ed713c2b508fdb150a2ac74071d6e190b4a3f3f37ddce0647bff2ae87a64
SSDEEP: 3072:8DJ9ySHbL2mNp5QACSwZBl2B9hHiVprro/tcNeRuL8pvuAv9NUPjKNgANbY5:gyYL2OCNP2lCVp8tRw9ONcKN1bQ
Static task: static1
Behavioral task: behavioral1
Sample: cd43e9d66012e647b996612fead334128c33bf4f80a5d9b18782bd0be8c3750e.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
amadey
3.50
193.56.146.194/h49vlBP/index.php
Targets
Target: cd43e9d66012e647b996612fead334128c33bf4f80a5d9b18782bd0be8c3750e
Size: 204KB
MD5: f88af6c3f17c84755e7cc532d03c8334
SHA1: 63810d608f61c3c650ec97a00d39a13fb4faf42d
SHA256: cd43e9d66012e647b996612fead334128c33bf4f80a5d9b18782bd0be8c3750e
SHA512: 4f385bca853886ae6cd6a562930f87abfd30d11c770d4899bb4e6d7d3ea5cab117f1ed713c2b508fdb150a2ac74071d6e190b4a3f3f37ddce0647bff2ae87a64
SSDEEP: 3072:8DJ9ySHbL2mNp5QACSwZBl2B9hHiVprro/tcNeRuL8pvuAv9NUPjKNgANbY5:gyYL2OCNP2lCVp8tRw9ONcKN1bQ
Score: 10/10
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles