General
Target: 1b59c1b6b80afa1be025cfd28520aff16a824b973d0bd4aa280c2bae68d80217
Size: 558KB
Sample: 230207-anxmqsbg7y
MD5: 4b81cabcacc3713950841c4b8ebd4f12
SHA1: 0bcc0a7176145c3926a33c2b7306bdfe96e768d8
SHA256: 1b59c1b6b80afa1be025cfd28520aff16a824b973d0bd4aa280c2bae68d80217
SHA512: 81d3b2e8a5f3bc725fecc8766cfad53c0cd418d0ebfa904486dfca1b83b56e75e7ee4b241ad8dc554f92d30e056d2c1e8b46b9888f31a0b1a0a7f659c5932fcf
SSDEEP: 12288:FMrXy90DrdnsFPXelgNbHCEXsOMB+LAslvAR:+yErdslOlgNTCEXsOo+ksl4R
Static task: static1
Behavioral task: behavioral1
Sample: 1b59c1b6b80afa1be025cfd28520aff16a824b973d0bd4aa280c2bae68d80217.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
Target: 1b59c1b6b80afa1be025cfd28520aff16a824b973d0bd4aa280c2bae68d80217
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application