General
- Target: e1afc5b97cf198714159fbb5a3bd1585d0467859ce51122fdcf7a88c0e6449ef
- Size: 1.1MB
- Sample: 230419-q17apsag98
- MD5: 466ec4eee806a4ebca3b4ef1b21df851
- SHA1: ff206d3189276f24cebb9cddc85ca8894d262122
- SHA256: e1afc5b97cf198714159fbb5a3bd1585d0467859ce51122fdcf7a88c0e6449ef
- SHA512: 1eff7ecb02579ace37bb933ae2b6a59ca9dc62a6e862da439680fa4f51eb5d53fce975d1de844bc117aa39739eb840a6915e4fafebaeee5b8957522b1166629f
- SSDEEP: 24576:iyTetZILdiIw5vgvjeegNUOdR+M/YvCTf8Sr99m5:JTwILQSaegNL+sDO
Static task: static1

Malware Config
- Extracted: amadey, version 3.70, C2 212.113.119.255/joomla/index.php
- Extracted: aurora, C2 89.208.103.78:8081
Targets
- Target: e1afc5b97cf198714159fbb5a3bd1585d0467859ce51122fdcf7a88c0e6449ef
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2