General
Target: 0676a998434e39ddb639332fb701c066f24841ef8d502bd639f4e895d07f4781
Size: 643KB
Sample: 230206-mvs94sde67
MD5: aff1d109f9cd44eee67a4cb384478d3b
SHA1: 8b4b1fbea6d787a64eb932d28fb2fe9909c0b776
SHA256: 0676a998434e39ddb639332fb701c066f24841ef8d502bd639f4e895d07f4781
SHA512: af88b0e2c02f817a93be991f928f51542d339964e2b78b234e1bc7aeddbfefc8ac200e37ee26e6466786f47c9f135692fc94fdf189b80c67bce507e9d958fcf6
SSDEEP: 12288:yMrry90knhKVBVhSVt89VEOF/pjFoQC7ETuQ2mw083dn5G:1yfsVrhKsOofo/7ET/O0Yd5G
Static task: static1
Malware Config
Extracted family: amadey
Version: 3.66
C2: 62.204.41.5/Bu58Ngs/index.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
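The file hashes and the extracted Amadey config (family, version, C2 URL) are the indicators a responder actually takes away from a report like this. The Python below is an added example, not part of the report or of the Amadey sample: it parses the flattened "key on one line, value on the next" layout used on this page into an IOC record, validates each digest's length and charset, and then hunts for the C2 host and path in proxy log lines. The report excerpt and the proxy log lines are constructed inline from this page's values; the log field layout and the high/medium confidence labels are assumptions for illustration.

```python
"""Pull IOCs out of a Triage-style Amadey report and hunt for them in proxy logs."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt of the report's key/value block, values copied from this page.
REPORT_TEXT = """\
MD5
aff1d109f9cd44eee67a4cb384478d3b
SHA1
8b4b1fbea6d787a64eb932d28fb2fe9909c0b776
SHA256
0676a998434e39ddb639332fb701c066f24841ef8d502bd639f4e895d07f4781
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
"""

# Constructed proxy log lines (assumed layout: ts client method url status); not real traffic.
PROXY_LOG = """\
1675700001.123 10.0.0.15 POST http://62.204.41.5/Bu58Ngs/index.php 200
1675700002.456 10.0.0.15 GET http://update.example.org/index.php 200
1675700003.789 10.0.0.22 POST http://62.204.41.5/Bu58Ngs/index.php 200
1675700004.000 10.0.0.31 GET http://62.204.41.5/other/file.bin 404
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


@dataclass
class Iocs:
    hashes: dict = field(default_factory=dict)  # algorithm name -> lowercase hex digest
    family: str = ""
    version: str = ""
    c2_host: str = ""
    c2_path: str = ""


def parse_report(text):
    """Parse the flattened layout into an Iocs record; '-' separator lines are skipped."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    iocs = Iocs()
    i = 0
    while i < len(lines):
        key = lines[i]
        if key in HASH_LENGTHS and i + 1 < len(lines):
            digest = lines[i + 1].lower()
            # Reject truncated or non-hex digests instead of hunting on a bad value.
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[key], digest):
                raise ValueError(f"{key} digest has wrong length or charset: {digest}")
            iocs.hashes[key] = digest
            i += 2
        elif key == "Extracted" and i + 3 < len(lines):
            # The three lines after "Extracted" are family, version and C2 on this page.
            iocs.family, iocs.version, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
            # The extracted C2 carries no scheme; add one so urlsplit yields a netloc.
            parts = urlsplit(c2 if "://" in c2 else "http://" + c2)
            iocs.c2_host, iocs.c2_path = parts.hostname, parts.path
            i += 4
        else:
            i += 1
    return iocs


def hunt_proxy_log(log_text, iocs):
    """Return (client, url, confidence) for lines that reach the C2 host.

    Same host and path as the extracted config is 'high'; same host with another
    path is 'medium' and still merits review (assumed labels for illustration).
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if parts.hostname != iocs.c2_host:
            continue
        confidence = "high" if parts.path == iocs.c2_path else "medium"
        hits.append((m["client"], m["url"], confidence))
    return hits


def hash_hits(observed, iocs):
    """Return the report hash algorithms matched by any observed digest (case-insensitive)."""
    wanted = {digest: algo for algo, digest in iocs.hashes.items()}
    return sorted({wanted[h.lower()] for h in observed if h.lower() in wanted})


if __name__ == "__main__":
    iocs = parse_report(REPORT_TEXT)
    print(iocs)
    for client, url, confidence in hunt_proxy_log(PROXY_LOG, iocs):
        print(confidence, client, url)
```

Matching on host and path separately matters here: the C2 is a bare IP with a per-campaign directory, so a hit on the IP alone with a different path should not be discarded just because the exact URL differs.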