General
Target: 46080f7806520abec92af5c1248be8f868c7584fbc03d058eced1ba982b8ee0a
Size: 950KB
Sample: 230423-zftcsafg52
MD5: 1e79f750b9cb95c4005a8450d6473dba
SHA1: 48143457134b20daea4ed9cb37fefa33a38b1eee
SHA256: 46080f7806520abec92af5c1248be8f868c7584fbc03d058eced1ba982b8ee0a
SHA512: 47c2b2a1c00e596d1c65700f0d61253fe19ff28f976c0732017597ab1abe94c067a8c7c227b02f9f45a254feb726f302bab0433b7f72930f0eb82e8b2239a8ef
SSDEEP: 24576:MyKwmFO926lsBG0bZzZW8dB2pUBKMnnbmOaLM:7R326lsBG0b5gpcKSmOaL
Static task: static1
Malware Config
Extracted
Family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets
Target: 46080f7806520abec92af5c1248be8f868c7584fbc03d058eced1ba982b8ee0a
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.