General

Target: e2b58a1f56f92efc405799f346a49c5cffa97aa2dd323bc16edddff402348c39
Size: 642KB
Sample: 230206-qq6w7ahd3s
MD5: dc145287fcccf80b6cd86ffb1ae2f44a
SHA1: 228e6b1e4117aacfe3c7c19afea99a9b69d74bd3
SHA256: e2b58a1f56f92efc405799f346a49c5cffa97aa2dd323bc16edddff402348c39
SHA512: c7ed1c0f8fd5034a2ec1904e6c74cef167a81de30be9540565fdd554d9bde8d86d880ac4ebdfd518bb18ec6dc2cb7759a8919a0f5d32a3fdd2168eea6d809083
SSDEEP: 12288:PMr5y90G3FNpxJJ6p/3FwC8VLVj0jhfue3d0h7fv3ZJ3uEuPKu4PamNyPAWml:OyJDpxJQ3ZMt0FWfv3Z/uyu4ymNGa

Static task: static1

Malware Config (extracted)

Family: amadey
Version: 3.66
C2: 62.204.41.5/Bu58Ngs/index.php
Targets

Target: e2b58a1f56f92efc405799f346a49c5cffa97aa2dd323bc16edddff402348c39
Signatures

- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence that decides whether the payload runs at all.
- Executes dropped EXE: runs an executable that the sample itself wrote to disk.
- Loads dropped DLL: loads a library that the sample itself wrote to disk.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Adds Run key to start application: Run-key persistence, so the dropped payload is started again at the next logon.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
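The following is an added example, not part of the sandbox report: it takes the extracted Amadey C2 and the behavioural signatures listed above and applies them to a constructed registry/HTTP trace of the kind an EDR or sandbox emits. The report names behaviours, not registry keys, so the Run, Uninstall and Geo\Nation locations below are the editor's assumptions (the standard Windows paths); the telemetry events and file name are constructed, not observed.

```python
"""Apply the report's extracted config and behavioural signatures to
constructed endpoint telemetry. Added example, not part of the report."""
from urllib.parse import urlsplit

# Extracted config from the report (Amadey 3.66).
AMADEY_C2 = "62.204.41.5/Bu58Ngs/index.php"

# Registry locations behind the report's signatures. ASSUMED: the report
# names the behaviour, not the key; these are the standard Windows paths.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
UNINSTALL_KEY = r"\software\microsoft\windows\currentversion\uninstall"
GEO_KEY = r"\control panel\international\geo"   # value "Nation" = country code

SIG_RUN = "Adds Run key to start application"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_GEO = "Checks computer location settings"
SIG_C2 = "Contacts Amadey C2 from extracted config"


def _norm_url(url: str) -> str:
    """Reduce a URL to host/path so scheme, query string and case of the
    host do not defeat the comparison with the extracted C2."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return f"{parts.hostname}{parts.path}"


def registry_signatures(events):
    """events: iterable of (operation, key_path, value_name).
    Returns the set of report signature names the events satisfy."""
    hits = set()
    for op, key, name in events:
        k, n = key.lower(), (name or "").lower()
        if op == "RegSetValue" and any(k.endswith(r) for r in RUN_KEYS):
            hits.add(SIG_RUN)
        elif op in ("RegEnumKey", "RegQueryValue") and UNINSTALL_KEY in k:
            hits.add(SIG_UNINSTALL)
        elif op == "RegQueryValue" and k.endswith(GEO_KEY) and n == "nation":
            hits.add(SIG_GEO)
    return hits


def network_signatures(requests):
    """requests: iterable of (method, url). Flags traffic to the extracted C2."""
    target = _norm_url(AMADEY_C2)
    return {SIG_C2 for _, url in requests if _norm_url(url) == target}


def triage(reg_events, http_requests):
    return registry_signatures(reg_events) | network_signatures(http_requests)


# Constructed telemetry in the shape of a sandbox/EDR trace (not real data).
SAMPLE_REGISTRY = [
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo", "Nation"),
    ("RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", None),
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{guid}", "DisplayName"),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svcupdate.exe"),
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
]
SAMPLE_HTTP = [
    ("POST", "http://62.204.41.5/Bu58Ngs/index.php"),
    ("GET", "http://example.invalid/favicon.ico"),
]

if __name__ == "__main__":
    for sig in sorted(triage(SAMPLE_REGISTRY, SAMPLE_HTTP)):
        print("[+]", sig)
```

The Geo check keys on the value name as well as the path, because many benign components open `Control Panel\International` for locale data; only the `Nation` read corresponds to the geofence behaviour the report flags. The C2 match deliberately ignores the query string, since Amadey's request parameters vary per beacon while the panel path in the extracted config does not.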