General
Target: cfe88250f6188bb07aa05e227e4d421e36e185da1b6e7c9132df6876e765b4f4
Size: 950KB
Sample: 230423-zjyrnsfg74
MD5: 6b2be7f07005b8adf3f578f98b0c9225
SHA1: 6516f0beeb4c4cdb905c7c372ed40af3ce6d2de2
SHA256: cfe88250f6188bb07aa05e227e4d421e36e185da1b6e7c9132df6876e765b4f4
SHA512: 56aa5071796dbc21830875c31aa79f0beb2efc6365531bf4ebe500396a0fac26c9bbed42aeaede78b76ec4209126ff77e3272521bc2d62840ff41dbdbd49e944
SSDEEP: 24576:Sygbl8I0QxqXn97qkqhWCNO+n5Syp02KQRuw8RgBeFO:5UKR2qt7tEE+5vpLKQ/IEe
Static task: static1
Malware Config
Extracted family: amadey, version 3.70
C2: 212.113.119.255/joomla/index.php
Targets
Target: cfe88250f6188bb07aa05e227e4d421e36e185da1b6e7c9132df6876e765b4f4 (950KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)
Signatures:
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.