General
- Target: 2a2f41e8ef6a9bf865a51071f3dd91274fe10172ff9280a48bc9856af612b168
- Size: 1.0MB
- Sample: 230419-n2n5eacb4s
- MD5: 50aa9c13e69304bcb5f6869129e3ba01
- SHA1: 7c854b3f3fca002326983fa196771a7a88652d25
- SHA256: 2a2f41e8ef6a9bf865a51071f3dd91274fe10172ff9280a48bc9856af612b168
- SHA512: 005e8dd10ba424c2e02eb7d6dc812de0f735e278edba532dcadef235c54e962e02882466fc3d2d3c6ea5b0b0ac60d464a25fc4b73134ed45c5f6e939432cc58c
- SSDEEP: 24576:Bywt0NnOWScwam/+LlBGKeVJSkSEELabTU7:0+4O3dniBdez4EzbI
Static task: static1

Malware Config
- Extracted: amadey
  Version: 3.70
  C2: 212.113.119.255/joomla/index.php
- Extracted: aurora
  C2: 89.208.103.78:8081
Targets
- Target: 2a2f41e8ef6a9bf865a51071f3dd91274fe10172ff9280a48bc9856af612b168
  Size: 1.0MB
Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2