General
- Target: bdf95deb00c14ce7b65ab22859fd2834ddfd46a5f1b5574224ca0a16765c9429
- Size: 631KB
- Sample: 230206-mcptzadd83
- MD5: 300b75071bf33cd6e7e306e0e1992d7b
- SHA1: 4294673bd4f726b947beda6457564b14e9048cae
- SHA256: bdf95deb00c14ce7b65ab22859fd2834ddfd46a5f1b5574224ca0a16765c9429
- SHA512: 28365c0b88b7052ceb1e2d41a6afbcec25750ad36f389fac99e08c21643fc83066ec766564b70d1533324484be6e30c9cf46d18c660fca501390d79b89ba99f2
- SSDEEP: 12288:UMrky90PfSDOt3YmdP0nsjkPJYmR1x5URdNj4n+b:IyOfSDWD0n7RnORbL
Static task
- static1

Malware Config
Extracted
- Family: amadey
- Version: 3.66
- C2: 62.204.41.5/Bu58Ngs/index.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.