General
Target: 6496f235884cabd370f8b11ffc01146ca5daeb7e22d8ebb41fd7c127e1c88347
Size: 578KB
Sample: 230206-tfj68aeg33
MD5: eefa6cab10064cbc08ec3ad59d71b3e2
SHA1: 0366d549ff95d6104b4f670eca0862be837a54ee
SHA256: 6496f235884cabd370f8b11ffc01146ca5daeb7e22d8ebb41fd7c127e1c88347
SHA512: f52fb9cdab39592c2d6c12496dd7ea59175c821902531706d22d5bd62bd6340c01d4899a793a732d4fb50b142d36ee1644781420f7424d23d388a7c12f695de6
SSDEEP: 12288:pMrPy907zjZV6eaNzFdctJnU98aR8qgySspfifFmY7Fyb7wfTs6:yy4zVV6BN0JnULgFsA0Y79fv
Static task: static1
Behavioral task: behavioral1
Sample: 6496f235884cabd370f8b11ffc01146ca5daeb7e22d8ebb41fd7c127e1c88347.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
Target: 6496f235884cabd370f8b11ffc01146ca5daeb7e22d8ebb41fd7c127e1c88347
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application