General
- Target: 3302fdd3be85ac5427180933319fc800040273318f71fa707ebaab2418c8deb5
- Size: 1.4MB
- Sample: 230415-x5kqtsgh6z
- MD5: b9f2e521b9da42845ae4955710c9f566
- SHA1: ade94ab00fc1aead48bce6cbfc1a06a3b815184e
- SHA256: 3302fdd3be85ac5427180933319fc800040273318f71fa707ebaab2418c8deb5
- SHA512: f6c156009f9437322e399f4c4b361fae7973a72d546d3a6e88f3cf481b42988435801a93f59514ab9f178c8680339259dac8b4a41d0986ef72e41c174056373f
- SSDEEP: 24576:oys9qFUg43bAbSZt3kpONSFyRfPalLzaf1ezbiyKj9sGZ6hxfBFod5uMUnv4zqNh:vWO43b5/kpsRfPHwz2Zsy47MAMYQuNZZ
Static task: static1

Malware Config
- Extracted: amadey 3.70
- 193.201.9.43/plays/chapter/index.php
Targets
- Target: 3302fdd3be85ac5427180933319fc800040273318f71fa707ebaab2418c8deb5
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.