General
-
Target
a6e7f7b6fa1decad0d6d10b1fce1cc5d9173f0238e2d577e872915896eccce6a
-
Size
558KB
-
Sample
230206-1eennsfh99
-
MD5
e44b5433184f7d31291ae2155b61272e
-
SHA1
23c87ee14d25ac98aa0f70e1b1b0059ac01623b2
-
SHA256
a6e7f7b6fa1decad0d6d10b1fce1cc5d9173f0238e2d577e872915896eccce6a
-
SHA512
d966330f83afca5cbb9ea7be646aa0ae094edffea0b33bf2beacfbd7ff78a61d41b0e309fc055ca59b329549f8eaef048b3d58eb1c7923f1e807c74ce5844746
-
SSDEEP
12288:qMrky90kevQmvgWlcwGKxsF+gMaTymNR8LrWVpwt:OyfWlcJ/HTymNR8LrEpwt
Static task
static1
Behavioral task
behavioral1
Sample
a6e7f7b6fa1decad0d6d10b1fce1cc5d9173f0238e2d577e872915896eccce6a.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
-
-
Target
a6e7f7b6fa1decad0d6d10b1fce1cc5d9173f0238e2d577e872915896eccce6a
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-