General
-
Target
3c3af642bf642c0ed52f4fd4002e9bfe2736b9381c1f72bca6819da5d56c583a
-
Size
558KB
-
Sample
230206-xhz71aaf3w
-
MD5
1eb68b595f3dfc1912c9b41fbeae7cfb
-
SHA1
db2429abf8907e47e23d60c8f2d7da779f03b415
-
SHA256
3c3af642bf642c0ed52f4fd4002e9bfe2736b9381c1f72bca6819da5d56c583a
-
SHA512
bf72dd56a6d1742126b373d47dead9fc9d7d63fbf420e009c927b067d218f49bf6d18047813d41881e8e606becc345fb4cce6b83753440d6b78ea631e6b16c66
-
SSDEEP
12288:AMr9y90HlscIvRteKLSUK6uYCvETQ53VpaRj+bVjKDaRdN11g:Nybc6SDHvkTyswj16
Static task
static1
Behavioral task
behavioral1
Sample
3c3af642bf642c0ed52f4fd4002e9bfe2736b9381c1f72bca6819da5d56c583a.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
Target
3c3af642bf642c0ed52f4fd4002e9bfe2736b9381c1f72bca6819da5d56c583a
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-