General
Target: d3a0475ecad1704fc74830e9e7dcbbedc5da2eb04de4bd3b490acd65d3063380
Size: 631KB
Sample: 230206-mlvftagg4w
MD5: 4552a8146301b83f5f8d091433839864
SHA1: 6595d711c0817e3539816a6613a0cebe1d3ae82e
SHA256: d3a0475ecad1704fc74830e9e7dcbbedc5da2eb04de4bd3b490acd65d3063380
SHA512: af16319317e14e68941371654fe4003f615b0ea5b7e42d0e2e828a9e16b8f83e5471172f238a9f5430fe738fc51825beddd8ab6654621857ddc8a5e9ebeba656
SSDEEP: 12288:MMr4y90J92gh4mAeHgcC1ToH6FGz+9UsdPWhsjkPJYqRHx5ARlNS9KlWbO:Ey9gmdelkGC9ZWhdRRaRzUbO
Static task: static1

Malware Config
Extracted family: amadey
Version: 3.66
C2: 62.204.41.5/Bu58Ngs/index.php
Targets
Target: d3a0475ecad1704fc74830e9e7dcbbedc5da2eb04de4bd3b490acd65d3063380
Size: 631KB
MD5: 4552a8146301b83f5f8d091433839864
SHA1: 6595d711c0817e3539816a6613a0cebe1d3ae82e
SHA256: d3a0475ecad1704fc74830e9e7dcbbedc5da2eb04de4bd3b490acd65d3063380
SHA512: af16319317e14e68941371654fe4003f615b0ea5b7e42d0e2e828a9e16b8f83e5471172f238a9f5430fe738fc51825beddd8ab6654621857ddc8a5e9ebeba656
SSDEEP: 12288:MMr4y90J92gh4mAeHgcC1ToH6FGz+9UsdPWhsjkPJYqRHx5ARlNS9KlWbO:Ey9gmdelkGC9ZWhdRRaRzUbO

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.