General
-
Target
c80864ec4f40c15a4589d19a1e6cd3ca
-
Size
344KB
-
Sample
230502-mn6xmaaf63
-
MD5
c80864ec4f40c15a4589d19a1e6cd3ca
-
SHA1
60179fed90422c2db1cefa9e05762965fa0e4283
-
SHA256
1d0853e75493b553ef3bb9c05b1b87036e07a8a29a812df6334c4c150444ddfc
-
SHA512
acd6642f29702e26ebf2831506824caf2a1c86c9cf14822c5527545844c6194fb4577c2007b2c6c62238af46f7cc92f045c13b8358e48c173e4cacda11345fa1
-
SSDEEP
6144:iru3Ja8xyrlTd03PzFcJeOwgTq9HBjf0Pc/zx9Eg5D:GGchs7l3bzx6gl
Static task
static1
Behavioral task
behavioral1
Sample
c80864ec4f40c15a4589d19a1e6cd3ca.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c80864ec4f40c15a4589d19a1e6cd3ca.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
amadey
3.70
tadogem.com/dF30Hn4m/index.php
Extracted
systembc
65.21.119.52:4277
localhost.exchange:4277
Targets
-
-
Target
c80864ec4f40c15a4589d19a1e6cd3ca
-
Size
344KB
-
MD5
c80864ec4f40c15a4589d19a1e6cd3ca
-
SHA1
60179fed90422c2db1cefa9e05762965fa0e4283
-
SHA256
1d0853e75493b553ef3bb9c05b1b87036e07a8a29a812df6334c4c150444ddfc
-
SHA512
acd6642f29702e26ebf2831506824caf2a1c86c9cf14822c5527545844c6194fb4577c2007b2c6c62238af46f7cc92f045c13b8358e48c173e4cacda11345fa1
-
SSDEEP
6144:iru3Ja8xyrlTd03PzFcJeOwgTq9HBjf0Pc/zx9Eg5D:GGchs7l3bzx6gl
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-