General
- Target: 2239a58cc93fd94dc2806ce7f6af0a0b.exe
- Size: 7.4MB
- Sample: 221209-lv3ccafg2w
- MD5: 2239a58cc93fd94dc2806ce7f6af0a0b
- SHA1: f09eb7d69bc7440d3d45e14267236a78ac789fcb
- SHA256: 682abd62b6e3c0e8ca57f079cd96f2d3848752eaf7002bdf57bfb512bd242811
- SHA512: f77c16626a0e17ff79b95f9fded6a365f913896c89baf76d16bcc8706f3ad10a9476c7cbd3f235250b936171c6e958e145c402952506dc0e434a4f911c99fe02
- SSDEEP: 196608:U+rNR2F7EU+iE09OKsRk3PdM+i+8lHFL9AYS:/RWEU+1OP6+X+oYS
Static task: static1
Behavioral task: behavioral1
  Sample: 2239a58cc93fd94dc2806ce7f6af0a0b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2239a58cc93fd94dc2806ce7f6af0a0b.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: amadey
  Version: 3.50
  C2: 85.209.135.109/jg94cVd30f/index.php
Extracted: systembc
  C2: 89.22.236.225:4193
  C2: 176.124.205.5:4193
Targets
- Target: 2239a58cc93fd94dc2806ce7f6af0a0b.exe
  - Size: 7.4MB
  - MD5: 2239a58cc93fd94dc2806ce7f6af0a0b
  - SHA1: f09eb7d69bc7440d3d45e14267236a78ac789fcb
  - SHA256: 682abd62b6e3c0e8ca57f079cd96f2d3848752eaf7002bdf57bfb512bd242811
  - SHA512: f77c16626a0e17ff79b95f9fded6a365f913896c89baf76d16bcc8706f3ad10a9476c7cbd3f235250b936171c6e958e145c402952506dc0e434a4f911c99fe02
  - SSDEEP: 196608:U+rNR2F7EU+iE09OKsRk3PdM+i+8lHFL9AYS:/RWEU+1OP6+X+oYS
  - Modifies security service
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Stops running service(s)
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Loads dropped DLL
  - Accesses Microsoft Outlook profiles
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger