General
- Target: 2e86198ee03dfb022683b03bdb7be8b6492441cba6cda66b1478779bc9a7e8a2
- Size: 642KB
- Sample: 230206-pv5dgshb7t
- MD5: 07b1dca65ae2c495983b1d7af219b7d6
- SHA1: c069063990788aa3d8d9b57fad3d0b5dacd8df7d
- SHA256: 2e86198ee03dfb022683b03bdb7be8b6492441cba6cda66b1478779bc9a7e8a2
- SHA512: e23add5cada9afd5711807feeabac9f277c6467cdb2b9616ef1b1cf00f95e00a13d38782edb32c9dc9f0b8b1b4e9368185c2c6eb54408e96b246f33ff4c95817
- SSDEEP: 12288:yMrgy90/AI45VIPmJz0vFn+wpNx5MrIm8T30Erau9iz4byW/6/:WyAcV6m2pFSImc0avFekI
Static task: static1
Malware Config
Extracted
- Family: amadey
- Version: 3.66
- C2: 62.204.41.5/Bu58Ngs/index.php
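The extracted configuration gives one network indicator (the Amadey panel URL) and the General section gives three file digests. The Python below is an added example, not part of the sandbox report and not code from the sample: it compares a file's digests against the listed values and scans proxy-log lines for contact with the C2 host, separating requests to the exact panel path from other requests to the same host. The hashes and URL are the ones on this page; the proxy log lines and their format are constructed for the example.

```python
"""Turn the indicators in this report into a file and proxy-log check.

Added example, not part of the sandbox report. The hashes and C2 URL
are the values listed on the page; the proxy log lines and their format
are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File digests from the General section.
SAMPLE_HASHES = {
    "md5": "07b1dca65ae2c495983b1d7af219b7d6",
    "sha1": "c069063990788aa3d8d9b57fad3d0b5dacd8df7d",
    "sha256": "2e86198ee03dfb022683b03bdb7be8b6492441cba6cda66b1478779bc9a7e8a2",
}
# Panel URL from the extracted Amadey 3.66 config (stored without a scheme).
C2_URL = "62.204.41.5/Bu58Ngs/index.php"


def hash_bytes(data):
    """Compute the three digests the report lists so they can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data):
    """True only when all three digests match; requiring all of them
    guards against a copy error in any single indicator."""
    return hash_bytes(data) == SAMPLE_HASHES


def split_url(url):
    """Return (host, path). Prepends a scheme when missing so urlsplit
    does not treat the host as part of the path."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return parts.hostname, parts.path


C2_HOST, C2_PATH = split_url(C2_URL)

# Assumed log format: "<timestamp> <client-ip> <method> <url> <status>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed proxy log (not from the report).
PROXY_LOG = """\
2023-02-06T10:01:12Z 10.0.0.14 GET http://example.com/index.html 200
2023-02-06T10:02:03Z 10.0.0.23 POST http://62.204.41.5/Bu58Ngs/index.php 200
2023-02-06T10:02:05Z 10.0.0.23 GET http://62.204.41.5/Bu58Ngs/update.bin 200
2023-02-06T10:03:44Z 10.0.0.31 GET http://62.204.41.6/Bu58Ngs/index.php 404
"""


def scan_proxy_log(text):
    """One hit per line that reaches the C2 host. 'exact' marks the panel
    path itself; the report shows dropped EXE/DLL execution, so other
    fetches from the same host are worth reviewing too."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host, path = split_url(m["url"])
        if host != C2_HOST:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "url": m["url"],
                     "exact": path == C2_PATH})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(hit)
    # The sample itself is not embedded here; any other bytes must not match.
    print(matches_sample(b"not the sample"))
```

Two caveats when using this in practice: the exact digests only identify this one build, so near-variants need the SSDEEP value above compared with an ssdeep-capable library rather than an equality check, and a bare-IP C2 like this one is cheap for the operator to rotate, so the host match should be treated as a point-in-time indicator.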
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
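The Run key and dropped-EXE signatures above describe a persistence pattern that is straightforward to hunt for in endpoint telemetry. The Python below is an added example, not code from the report or from the Amadey sample: it walks Sysmon-style registry value-set (Event ID 13) and file-create (Event ID 11) records, flags writes to a Run or RunOnce key, and raises the score when the persisted executable sits in a user-writable directory, was created by another process in the same window, or the writing process itself runs from such a directory. The field names follow Sysmon; the events, paths and SID are constructed for the example.

```python
"""Hunt for the persistence pattern in this report (Run key set by a
dropped EXE) over Sysmon-style events.

Added example, not part of the sandbox report. Field names follow
Sysmon Event ID 11 (FileCreate) and 13 (RegistryEvent, value set);
the events themselves, paths and SID are constructed for illustration.
"""
import re

# Autostart locations covered by the "Adds Run key" signature.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
                        re.IGNORECASE)

# Directories a standard user can write to. A Run entry pointing here
# deserves more attention than one under Program Files.
USER_WRITABLE = (
    "\\AppData\\Local\\Temp\\",
    "\\AppData\\Local\\",
    "\\AppData\\Roaming\\",
    "\\ProgramData\\",
    "\\Users\\Public\\",
)

# First token of a Run value: a quoted path, or a bare path ending in .exe.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+?\.exe))', re.IGNORECASE)


def exe_from_details(details):
    """Extract the executable path from a Run value's data, or None."""
    m = EXE_RE.match(details)
    return (m.group(1) or m.group(2)) if m else None


def in_user_writable(path):
    low = path.lower()
    return any(d.lower() in low for d in USER_WRITABLE)


def analyze(events):
    """Return one finding per Run key write, highest score first."""
    dropped = {e["TargetFilename"].lower() for e in events if e["EventID"] == 11}
    findings = []
    for e in events:
        if e["EventID"] != 13 or not RUN_KEY_RE.search(e["TargetObject"]):
            continue
        exe = exe_from_details(e["Details"])
        reasons = ["Run key value set"]
        if exe and in_user_writable(exe):
            reasons.append("persisted EXE is in a user-writable directory")
        if exe and exe.lower() in dropped:
            reasons.append("persisted EXE was created by another process in this window")
        if in_user_writable(e["Image"]):
            reasons.append("writing process runs from a user-writable directory")
        findings.append({"key": e["TargetObject"], "writer": e["Image"], "exe": exe,
                         "score": len(reasons), "reasons": reasons})
    findings.sort(key=lambda f: -f["score"])
    return findings


# Constructed events (not from the report): a download drops an EXE into
# %TEMP%, the dropped EXE persists itself, a vendor installer registers a
# benign agent, and an unrelated Uninstall key write is ignored.
EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\a1b2\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\a1b2\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\alice\AppData\Local\Temp\a1b2\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe" --tray'},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor\DisplayName",
     "Details": "Vendor Agent"},
]

if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f["score"], f["key"], f["reasons"])
```

The scoring is deliberately additive rather than a single rule: a Run key write on its own is routine on a busy fleet, and it is the combination with a dropped file in a user-writable path that reproduces what the sandbox observed here. The geofence and Uninstall-key lookups in the signature list are registry reads, which Sysmon does not record, so they need a different source (for example an EDR that logs registry queries) and are not covered by this script.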