General
-
Target
b1672cb34ff89230e6ccb7f8446f41987e387298b0d20d785e4bc4cc8feb7250
-
Size
557KB
-
Sample
230207-axv59sgf67
-
MD5
658753446e290e92115e2e741aac64a8
-
SHA1
0120ab100f19fb314d4e7168c848ee08b41ba47d
-
SHA256
b1672cb34ff89230e6ccb7f8446f41987e387298b0d20d785e4bc4cc8feb7250
-
SHA512
dd6cd5cfffd11ce5e7d2675e679c9fdb5712d7f059d86644e8f989ddaae0c2bf60b68793a5523ff01912adb2c15e610f3bf99ab5ba18ccfffa54110dd729aaa0
-
SSDEEP
12288:5Mrky90mJ/A3EePjCaHsO0laO0X4LQ4A2:pyP/AUMjCaHsOaVQ8C2
Static task
static1
Behavioral task
behavioral1
Sample
b1672cb34ff89230e6ccb7f8446f41987e387298b0d20d785e4bc4cc8feb7250.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
Target
b1672cb34ff89230e6ccb7f8446f41987e387298b0d20d785e4bc4cc8feb7250
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-