General
Target: 3189c4ee9a09485edd30750f14cc1fc4a821c30315c51b17ceeb4285db7a58d7
Size: 309KB
Sample: 231129-j7ytksfa9v
MD5: cec474126d3b1647dc4b610e4e674b0c
SHA1: 9289805256ae15da939bdb08d034e2f2533402d0
SHA256: f1d0a44fff4e265f76fdfc8b585bfbe54b4662a0edb951d9566f279f2f181f0f
SHA512: ab6015eb6e399fab97b1bd693f0c5f5a4500369d0eda919761cf53e0ab5b7b3e1d550eb3ea8924bf6fab620e581c885e6a9c5c0c99a69bf0388bd2f33df6dd4a
SSDEEP: 6144:cmcjVJM0o918MWWhUodIXbld/0d57bodK7i2sfFmxDRWHP+L6s:cm0Vyt1880ZFM5JS2RQGN
Static task: static1
Behavioral task: behavioral1
Sample: 3189c4ee9a09485edd30750f14cc1fc4a821c30315c51b17ceeb4285db7a58d7.exe
Resource: win7-20231020-en
Malware Config
Extracted: amadey
  http://arrunda.ru
  http://soetegem.com
  http://tceducn.com
  strings_key: eb714cabd2548b4a03c45f723f838bdc
  url_paths: /forum/index.php
Extracted: amadey 4.11
  http://shohetrc.com
  http://sibcomputer.ru
  http://tve-mail.com
  install_dir: d4dd819322
  install_file: Utsysc.exe
  strings_key: 8419b3024d6f72beef8af6915e592308
  url_paths: /forum/index.php
Targets
Target: 3189c4ee9a09485edd30750f14cc1fc4a821c30315c51b17ceeb4285db7a58d7
Size: 438KB
MD5: 0212113ffcbcd270155711883c54aead
SHA1: d4cd2cf05cdf3860b64935f19a992f54323c941c
SHA256: 3189c4ee9a09485edd30750f14cc1fc4a821c30315c51b17ceeb4285db7a58d7
SHA512: f8406c2d86767ceba9b68eb1c87cdd327ec61d54c2f4860c6ea286822f962f464b9acde1f33b117eab9620b1bde6275d6e65e879ad066406f385051f46e3d27f
SSDEEP: 6144:Qm7ibXH2MT4Ju30WA/ySjIFbld/0d55bodKli2sfFaxDtWHP+vfKYhkp:Qh0Jy0WGTjAZFM5NSutQrYa
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL