General
- Target: 768a4cbe922f544a57d385f4bca801bae460ac0d7c243ff7566531cc123679e2
- Size: 844KB
- Sample: 230421-svve3agc95
- MD5: 842ad9aecbd7984b3e101f153309d5d2
- SHA1: c5820280102f4cdc48701e7f9f25679df16df92b
- SHA256: 768a4cbe922f544a57d385f4bca801bae460ac0d7c243ff7566531cc123679e2
- SHA512: 083353674db2591b447671f329ef5413fa554d6dfaebc247a5e950b47a93e01954d05b58a088615cf8dd2b513b54b449e62c2d30feb29975d1ab03936b6a0006
- SSDEEP: 24576:my8HINgP9EZpcojF9doO6QktNtqzAVQQRfC3:18HIaPTG9dKXtN6A3K
Static task
- static1

Malware Config
- Extracted: amadey
- Version: 3.70
- C2: 77.91.124.207/plays/chapter/index.php
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.