General
- Target: 350a16fbb1c4aa34cb16cbad6967c0486a8a9f4f25dc54419169f074416ed9e4
- Size: 410KB
- Sample: 221209-zbfacshb2v
- MD5: 473d2c529d33a0d17a9c088ad022b625
- SHA1: 7bcbdb11866032d9acd03e0ec78939ffeb5c3283
- SHA256: 350a16fbb1c4aa34cb16cbad6967c0486a8a9f4f25dc54419169f074416ed9e4
- SHA512: c2ac3c4822879cccd8dc13d26c013a819ddfdb6e57878ebed5ba58a0033225084d07a2e0ecaadea88d7cd2021b0506a7615e8cbb21620c7f0b4a746cbd8701b6
- SSDEEP: 6144:ABUrf+1GE30SOTusD8xW1wQx2fCbo1u1MSRSB884oCP4y0Hc9PnRIg:sUW0fTusgx6mR1u1RkB8ToTHc9Cg
Static task
static1
Behavioral task
behavioral1
Sample
350a16fbb1c4aa34cb16cbad6967c0486a8a9f4f25dc54419169f074416ed9e4.exe
Resource
win10-20220901-en
Malware Config
Extracted
amadey
3.50
85.209.135.109/jg94cVd30f/index.php
Extracted
systembc
89.22.236.225:4193
176.124.205.5:4193
Targets
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger