General
Target: 5603aad4c5d17153cb7ded7fb0eb2edb8331466a04427b74f2cc63d59ecb9969
Size: 573KB
Sample: 230206-t1lwjseh34
MD5: 1ea1be9c195fc9e485a3b4fd94302f09
SHA1: 29e9d3c5c33b23ef6f53c68b7286be7985ecd5a8
SHA256: 5603aad4c5d17153cb7ded7fb0eb2edb8331466a04427b74f2cc63d59ecb9969
SHA512: 1db798a96cd186c44c57e40eeb143fd0a6c54511222aef633699b32f3206294890582e0f3aea899a891d45fecfd8df93165118b542b751c65591a00bd49d5751
SSDEEP: 12288:wMrHy901hcrseXrqw0IDl/+/0dtsF4jN0n/tMD1VJm:nyVrsiO4DlWsdzR0n/Gc
Static task: static1
Behavioral task: behavioral1
Sample: 5603aad4c5d17153cb7ded7fb0eb2edb8331466a04427b74f2cc63d59ecb9969.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application