General
Target: ftewk.exe
Size: 334KB
Sample: 231125-rylfwsba49
MD5: 21a947b4e4a65510aa9188cc950bc943
SHA1: 9ee64e984916c52852c31d89b65a08eb2ec61e17
SHA256: dcc559c45ecf4159655411999117728f288c7e50c78a2414d020f75cc2b86364
SHA512: 358105b5371c8988e125040b0cd469854a58b96017bab1d10a5fa826d4ca368705f9994696cf4254f0ab5f7b12f5f2d12ca7aeb75ccf1ed568bbb360efa19684
SSDEEP: 6144:yTHdZRgemI+7bRjfY3hzVbYTwmpwkwtxxlHltWQImbvv/:yT9/gfI+7bRjfYRdgw+wkixjFUmr/
Static task: static1
Behavioral task: behavioral1
Sample: ftewk.exe
Resource: win7-20231023-en
Malware Config
Extracted
amadey
3.08
http://193.106.191.201
install_dir: b3dcf4c296
install_file: ftewk.exe
strings_key: cb8ccbe6da37d4a50d7be5c517c157de
url_paths: /panelis/index.php
Targets
Target: ftewk.exe
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL