General
- Target: b6b1a78399760cef1d8cb166638d123d017dc2c8cd77ec87eab6a354ebded5eb
- Size: 642KB
- Sample: 230206-mzw7kade85
- MD5: d6cda542a91395c3c7e2faa7bd2e19d1
- SHA1: a604bf9bf2d68552306e0c8de9d1e83f570ee376
- SHA256: b6b1a78399760cef1d8cb166638d123d017dc2c8cd77ec87eab6a354ebded5eb
- SHA512: 51de951a30e2d8b6a0d23af384c94eb8fd6d8f3611a999b534b4fe3d46219f498c66e6f0fe0c7f1271d7080b3b8249356cc0d36c4112ca2824cfcf59db0bc9c8
- SSDEEP: 12288:1MrVy90KVu3w2wyB/pjRoQCDETu22mw08aYutP:YyuHVHo/DETvO0ao

Static task: static1

Malware Config
Extracted
- Family: amadey
- Version: 3.66
- C2: 62.204.41.5/Bu58Ngs/index.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.