General
Target: 72c6824d03dd629601466ddc4a8be6181538a592fc9f5c3bf7d2ce3d10e15389
Size: 950KB
Sample: 230424-ag36yagg24
MD5: c5982260d0d3203216d1a46934d9a001
SHA1: 9d10d5a2af5d889248ea8d3fb2645dd715cc672a
SHA256: 72c6824d03dd629601466ddc4a8be6181538a592fc9f5c3bf7d2ce3d10e15389
SHA512: 3cbfa7274f315d2953bd69c1742e260af22292a65ff501c911e8eecfcb5b0c3e71f05c0be7b1cd44126cb7ce7d2f8ca1a530e27ad439326c788c2987153c9abd
SSDEEP: 24576:Uy0hRG5wJL/Jd11r8L/R8shEIPjTYhDKiOnksl:jGgSJAjbEIPvYpFOnf
Static task: static1
Malware Config (extracted)
Family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets
Target: 72c6824d03dd629601466ddc4a8be6181538a592fc9f5c3bf7d2ce3d10e15389
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.