General
Target: 48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.zip
Size: 299KB
Sample: 231125-lgghqahg37
MD5: c73ffb2688d792c3411d403cd831425f
SHA1: c4eea6f540e120a82892004a41baeeb9b33bf357
SHA256: 83aa7b6fd971fe439e866d69e74de44d98130a4b065bc9b119b758df21fa5fa3
SHA512: c62cc811c633d8c7210214a1ece829f4f651741d8f22d1ef687cd60b0a30551c343b7c6bff6b0630c764cc7f80de13b7448156af69a5a2d796c5b7c9de304334
SSDEEP: 6144:+44pvfKw+kz05GDEu1k5i13Dtvkdb3rNfWZkMlpB/MFKwG:+HvfKw+kY5GDEu1Yi1xvibtC0XG
Static task: static1
Behavioral task: behavioral1
Sample: 48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe
Resource: win7-20231020-en
Malware Config
Extracted: amadey
  http://arrunda.ru
  http://soetegem.com
  http://tceducn.com
  strings_key: eb714cabd2548b4a03c45f723f838bdc
  url_paths: /forum/index.php
Extracted: amadey 4.11
  http://shohetrc.com
  http://sibcomputer.ru
  http://tve-mail.com
  install_dir: d4dd819322
  install_file: Utsysc.exe
  strings_key: 8419b3024d6f72beef8af6915e592308
  url_paths: /forum/index.php
Targets
Target: 48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe
Size: 389KB
MD5: 06db095ad745f4d74172f4fba8f3627b
SHA1: ca7b62c845365ba6b89293c58b765ae6e583574f
SHA256: 48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e
SHA512: 394d58e36537cb2bdfd6ed5c7c0a46a8d07dd9e9c835b8bdf7ee8a7604558a217ec59eca29372cb788ee0a9708a33f2db9c1f78bebda5b799196f712a346a207
SSDEEP: 6144:QBILQwvGEKYPrXiR8vXkQlJIX6nIFI9he4jy1JKSH:QBI8wuXCXiRclJ5x9hly1x
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL