General
Target: 2b70bd22eede38fed14dc63a722a6c00ae058583d0eac930f82257f28c8fb898
Size: 574KB
Sample: 230206-wdz6rsfb59
MD5: 0d75cfc4f8234a4bfa6d7f73175488bb
SHA1: 8d9fdaf41c7af6947cd388f82fd7b1fd1bf73cf4
SHA256: 2b70bd22eede38fed14dc63a722a6c00ae058583d0eac930f82257f28c8fb898
SHA512: 31bc95db123d989b7c14d5c922ccc0d19db30cfce5503b1156b72865e5cbebdb576d6f05fcbde5006d9ff9224cb4d2844239e428dc17719c75119b198995d980
SSDEEP: 12288:jMrvy906zrXzgfMT3mSoSI/0JtFFNaN0n/tRp8uqx8:MylPXOMT3mSYsJfw0n/rqa
Static task: static1
Behavioral task: behavioral1
Sample: 2b70bd22eede38fed14dc63a722a6c00ae058583d0eac930f82257f28c8fb898.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
Target: 2b70bd22eede38fed14dc63a722a6c00ae058583d0eac930f82257f28c8fb898
Score: 10/10
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application