General
Target: file.exe
Size: 558KB
Sample: 230206-1q2mksga68
MD5: 8b7d822e3691b3bd9096abfcae9d837b
SHA1: 2db3f0d006dcf7eb2059d409d83e51158170d133
SHA256: bfd668a62053caf09ef559b9310c1888074ceef8c8d88d11beb60b5209f3b811
SHA512: 0ee655ad4878c22dceeffe595d3d59841b30c9260e8803cea7f94b91348319d66c2c4c06af0dbb8783e57097158ecc7798495fb9fc234c5a071cfe5ebc7e198f
SSDEEP: 12288:pMrVy90d503cb1ke/T/+CsF+8MaTDmNRnvquX12Ir2+:QyA503QxwHTDmNRnvquF2m
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
Target: file.exe
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application