General
-
Target
v7229391.bin.exe
-
Size
235KB
-
Sample
230719-d9w5waff23
-
MD5
ee5e79d00a13fde9e96a1f9953f35fea
-
SHA1
788be8b6304f138f5c7bdf00fe98562de6f2790d
-
SHA256
10f472a1b5799a09ae60fd901a10125c8eed6220bdbed49cfa301962e7972837
-
SHA512
26b1209bb16d6e5ed3dabe6fc18e6ec425197ecfd26f2038d9d796cff93d25597c774ca01fec5d975457ef7e544b9d7f7d09372e391c1823b4a7e3bcf94d0c49
-
SSDEEP
6144:KCy+bnr+0p0yN90QEdHyEL9MR1SKgfYLNYs1Ul8C2N:6Mrcy90zgoYLWs6l8V
Static task
static1
Behavioral task
behavioral1
Sample
v7229391.bin.exe
Resource
win7-20230712-en
Malware Config
Extracted
amadey
3.85
77.91.68.3/home/love/index.php
Targets
Target
v7229391.bin.exe
-
Detects Healer, an antivirus disabler dropper
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-