General
- Target: d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
- Size: 1.5MB
- Sample: 231123-tnmmbaag27
- MD5: 32fd90862f9a7732ec49aad05ba343fe
- SHA1: 473a409ad0d6e896cedfa546c30b16b56355a11f
- SHA256: d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
- SHA512: 6b89f4e1f9874d580f2fe7acede465d7f9c651e57072b6ea02be5b8eaa89a6d97e9dd9d5181c710a3e00a5645806307311c11fb85a280ad2b961a90d63efe6dd
- SSDEEP: 24576:ZQIsq2Q2GOAO4fCCy7gtlkJSfU2qZhGjZRDsKjuRui26a24UzhlMxO+znN:ZQIsq2Q2GOAO4fCZ7YlI2UioKCoi9zhM
Static task
- static1

Malware Config
Extracted
- Family: amadey
- Version: 4.12
- C2: http://brodoyouevenlift.co.za
- install_dir: ce3eb8f6b2
- install_file: Utsysc.exe
- strings_key: c5b804d7b4c8a99f5afb89e5203cf3ba
- url_paths:
  - /g9sdjScV2/index.php
  - /vdhe8ejs3/index.php
Targets
- Target: d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
- Detect ZGRat V1
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext