General
-
Target
59a0c29a9ce34ffe0f33de41c3bb2f4ee1dadd544dddacf3d021bccbf917c358
-
Size
1.1MB
-
Sample
230421-vzkgrsah8y
-
MD5
de2bdcf6245f6f391789dd48e5489bb4
-
SHA1
cd967f7a02c372fc8dab1bfcfa9d76762b29e813
-
SHA256
59a0c29a9ce34ffe0f33de41c3bb2f4ee1dadd544dddacf3d021bccbf917c358
-
SHA512
387d7fe6011b607c4f2650d3db7ddd31e79b9edf0b33118a4ad771b369ae6b57bed32493fc70fb9a3cf59e8e7a4d1b3e1e7fd7e9a66bdd8ef536313756ded8bd
-
SSDEEP
24576:0yqoCYvdjZwqiEVDShROit2Ak3iCYWoFwHnbT8OodvY:DdrZZwOJI2oFenbTfKv
Static task
static1
Malware Config
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Targets
-
-
Target
59a0c29a9ce34ffe0f33de41c3bb2f4ee1dadd544dddacf3d021bccbf917c358
-
Size
1.1MB
-
MD5
de2bdcf6245f6f391789dd48e5489bb4
-
SHA1
cd967f7a02c372fc8dab1bfcfa9d76762b29e813
-
SHA256
59a0c29a9ce34ffe0f33de41c3bb2f4ee1dadd544dddacf3d021bccbf917c358
-
SHA512
387d7fe6011b607c4f2650d3db7ddd31e79b9edf0b33118a4ad771b369ae6b57bed32493fc70fb9a3cf59e8e7a4d1b3e1e7fd7e9a66bdd8ef536313756ded8bd
-
SSDEEP
24576:0yqoCYvdjZwqiEVDShROit2Ak3iCYWoFwHnbT8OodvY:DdrZZwOJI2oFenbTfKv
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-