General
Target: 27b24096f69f1265f45df211937740f504da140524db4d7cf82ed00e5f067586
Size: 631KB
Sample: 230206-mgrjcsdd93
MD5: 636f6349e9f4a2757ba7baceec16bea5
SHA1: 887b1e6a9705ce19604d0d2c6f235bed70dbcc45
SHA256: 27b24096f69f1265f45df211937740f504da140524db4d7cf82ed00e5f067586
SHA512: 87cb2eb2af56ab58bda5dbc3b098c58a9bf9e1342ae3b41299efc973fa7c7787bfae3f94396c6068a795259433ccb18d461e5c86421956d23c379c85ab87a2f8
SSDEEP: 12288:YMrKy90YocbPHF2OAhBKbUmDdPuxsjkPJYKRzx5qRFN02:iyC82LhBKIm9uxPRt0RT02
Static task: static1
Malware Config
Extracted: amadey, version 3.66, 62.204.41.5/Bu58Ngs/index.php
Behaviour
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.