General
- Target: 5054972c0e07a1fe9125dd3e1276bf8bffd3af13010aca029a1c36e8ec4c42dd
- Size: 642KB
- Sample: 230206-pc2jwadg74
- MD5: 0e1b5874be2ff4a6ec9721eeedd28e6c
- SHA1: 985b724281da17a40f6d5fecb2886573f16a4252
- SHA256: 5054972c0e07a1fe9125dd3e1276bf8bffd3af13010aca029a1c36e8ec4c42dd
- SHA512: dbf03d5216e683d7764ed3f4e4163476f64911feb5d71fdb83d83d6ab3a633cefd84ca2d5dae87f3f13b28e2ddf19c11156766ebff1add32aa7149739d574809
- SSDEEP: 12288:UMrZy90ULvwiCJjnAQGpDJ6Sauq8yIo+XLgyMYDUwcZH:dyBvwiCJjnAl1naIypyvUwcB
Static task
- static1
Malware Config
- Extracted: amadey 3.66
- 62.204.41.5/Bu58Ngs/index.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.