General
Target: 1789f6191e13a0b220966ca76b5f5d6576fe8c406be8bfeb37e81e05346da9c0
Size: 557KB
Sample: 230206-xdz2faae81
MD5: 96f534e9a151fc1e5a70461002b8a0a8
SHA1: 72a9d09bed11af056a3d9b13e67e32f1c42cb6eb
SHA256: 1789f6191e13a0b220966ca76b5f5d6576fe8c406be8bfeb37e81e05346da9c0
SHA512: d919dbb6c906c2fa0a5d3f7da8f2b54f96eba9f27ecda8d792bcfc158aa376056d791f45b797ce1723af373d2c504cdd75b0dc50ff58fc93c48a1b533f7c393f
SSDEEP: 12288:8Mrey90KYmyiYGe/3LS6OQDUK6uYCvCTC53Vpa6u+bVkKXUeHG:qyzYmrLMOKDHvyuhjRG
Static task: static1
Behavioral task: behavioral1
Sample: 1789f6191e13a0b220966ca76b5f5d6576fe8c406be8bfeb37e81e05346da9c0.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
Target: 1789f6191e13a0b220966ca76b5f5d6576fe8c406be8bfeb37e81e05346da9c0
Score: 10/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application