General
Target: 8b63cdbc69acd472ebb9efa57574b90604bdcc877f875726472f9720bd32ec56
Size: 642KB
Sample: 230206-ngxwtaha2v
MD5: 03a15590fc30d8e901305b2c8c17195a
SHA1: 009c760fb52a951f64c6bfd66f1c62550f8264f4
SHA256: 8b63cdbc69acd472ebb9efa57574b90604bdcc877f875726472f9720bd32ec56
SHA512: a16eae640a1e6046e2954ba2422ea9734c63e5e3de701fd68d20aec4b25625baf0d567f17d42c035f9fbec44a33149e7dd532b594cca2339559d4a41b033b836
SSDEEP: 12288:fMr3y90IJIOu2nOfSnj+xO1KSauq86EoxXIn9MYLEJ+E:IyZ22nNjWO1XaI6d+bE
Static task: static1
Malware Config
Extracted
Family: amadey
Version: 3.66
URL: 62.204.41.5/Bu58Ngs/index.php
Targets
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.