General
-
Target
50b59ec66299f7a528e35b5747cff7ec.exe
-
Size
434KB
-
Sample
231127-ssg2yshd74
-
MD5
50b59ec66299f7a528e35b5747cff7ec
-
SHA1
1a4a71093b3075a2b28184908fe5e80d03d65e82
-
SHA256
5abd71acc7aaa2bb26c92e6c5d1827b20b8157f74b612b3bd1a6b79e2bd6a2e6
-
SHA512
5b34ca72ddfd01617c0ee622b06117ee825c70c442a04dd4c931ff3ab7f1a449c19fe9127e0ddaaf75395bc00942e7040a1117bf5d20a0042324c430e20ad02d
-
SSDEEP
6144:E+rEsiveHU/h1HiUUgO+rO2gdY8xWthfs+Eusf/:E+rEsiveehZU2gYs0hfs+4/
Static task
static1
Behavioral task
behavioral1
Sample
50b59ec66299f7a528e35b5747cff7ec.exe
Resource
win7-20231020-en
Malware Config
Extracted
amadey
http://arrunda.ru
http://soetegem.com
http://tceducn.com
-
strings_key
eb714cabd2548b4a03c45f723f838bdc
-
url_paths
/forum/index.php
Extracted
amadey
4.11
http://shohetrc.com
http://sibcomputer.ru
http://tve-mail.com
-
install_dir
d4dd819322
-
install_file
Utsysc.exe
-
strings_key
8419b3024d6f72beef8af6915e592308
-
url_paths
/forum/index.php
Targets
-
-
Target
50b59ec66299f7a528e35b5747cff7ec.exe
-
Size
434KB
-
MD5
50b59ec66299f7a528e35b5747cff7ec
-
SHA1
1a4a71093b3075a2b28184908fe5e80d03d65e82
-
SHA256
5abd71acc7aaa2bb26c92e6c5d1827b20b8157f74b612b3bd1a6b79e2bd6a2e6
-
SHA512
5b34ca72ddfd01617c0ee622b06117ee825c70c442a04dd4c931ff3ab7f1a449c19fe9127e0ddaaf75395bc00942e7040a1117bf5d20a0042324c430e20ad02d
-
SSDEEP
6144:E+rEsiveHU/h1HiUUgO+rO2gdY8xWthfs+Eusf/:E+rEsiveehZU2gYs0hfs+4/
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-