General
- Target: 5ecec6befdddec0403cda76e4d3ca56465cfa5ef74e1a4c86b080c3d033bf79a
- Size: 951KB
- Sample: 230423-3h37jsge67
- MD5: 3e7902dbb9738f2e15141a197c3cac53
- SHA1: 26a72f80fa9493669ce2a1a4e45e4a989cb7d9f7
- SHA256: 5ecec6befdddec0403cda76e4d3ca56465cfa5ef74e1a4c86b080c3d033bf79a
- SHA512: 08e57a422bd54b7fc6e579eb5252ba1e5184ece8115d2b2e247418447f59a41ef7a4b909467c5eb7345d48728e69c7bdcbfe1b9a80c76f16a3d8cb01ae518fa3
- SSDEEP: 24576:IyEW6hStH5Su1SzTuRpAJGIwPlfZOKO/qm:PZ6w+uR2GIwdM/q
Static task: static1

Malware Config
Extracted
- Family: amadey
- Version: 3.70
- C2: 212.113.119.255/joomla/index.php
Targets
- Target: 5ecec6befdddec0403cda76e4d3ca56465cfa5ef74e1a4c86b080c3d033bf79a (size and hashes as listed under General)
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.