General
- Target: setup.exe
- Size: 950KB
- Sample: 230424-ag68laac8t
- MD5: 45d20b3b4b2294d275eea725d28d15f6
- SHA1: 2f29d1bc549f9a8a474ceaa97bb2328205c2deec
- SHA256: 4612abbf556c9e649964e669af3eca0efe5bba72be754652ca449a29be47d460
- SHA512: f8a7e9bcf13be273f63bc5ea6e87da1cd8e70dbab506049dc8399d9c23605ae81cf5bb5eedd920f1690b0f924fb8fe1de54742f263fa0210e1627f1f7c492ba3
- SSDEEP: 24576:6y/zx+jtdQtNOjHmHwOTDdtr3Ly2yI7SuhaDe+AJ0Sl4Mu:Bk34NO6QO3dt1yI7oAaSlD
Static task: static1
Behavioral task: behavioral1
- Sample: setup.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- amadey
- 3.70
- 212.113.119.255/joomla/index.php
Targets
- Target: setup.exe
- Size: 950KB
- MD5: 45d20b3b4b2294d275eea725d28d15f6
- SHA1: 2f29d1bc549f9a8a474ceaa97bb2328205c2deec
- SHA256: 4612abbf556c9e649964e669af3eca0efe5bba72be754652ca449a29be47d460
- SHA512: f8a7e9bcf13be273f63bc5ea6e87da1cd8e70dbab506049dc8399d9c23605ae81cf5bb5eedd920f1690b0f924fb8fe1de54742f263fa0210e1627f1f7c492ba3
- SSDEEP: 24576:6y/zx+jtdQtNOjHmHwOTDdtr3Ly2yI7SuhaDe+AJ0Sl4Mu:Bk34NO6QO3dt1yI7oAaSlD
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.