General
Target: setup.exe
Size: 890KB
Sample: 230424-aebznsac6t
MD5: e283f0a5fec178b02236e23aadddf0df
SHA1: 15d05cb65663935cf1ae461a1f42c288b5941154
SHA256: 3fb1a04e53e8d234ac94d8e9ea2281924c69df623d21eee29514d1a6ccaf95f0
SHA512: 4112c721944b9c3bccaabc4b4667a8ed52a48253ff0205a3408ca9819f2dff57a59f4b013fb640ad26a253ed9efb43d382a055ee1af4b69d5f14e44798be210a
SSDEEP: 24576:nyaDIpJK/b2CGYv1yh9NGx/jPx5ozJ/A0yA/YlP6Ms:yaDDKC6W/Lx6zJohKRM

Tasks
Static task: static1
Behavioral task: behavioral1 (sample: setup.exe, resource: win7-20230220-en)

Malware Config
Extracted: amadey
Version: 3.70
URL: 212.113.119.255/joomla/index.php
Targets
Target: setup.exe (890KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.