General
- Target: 2514ec71e8ecb604c6b979d954ddb1d63402a513912000eaa3d8d6dfa98f7441
- Size: 5.8MB
- Sample: 231206-kea3gsda75
- MD5: f4a5122b23d930794978c4615b0ce6d9
- SHA1: 8e34c6a3da1d048b932c20b15fd6ba119677d57c
- SHA256: 2514ec71e8ecb604c6b979d954ddb1d63402a513912000eaa3d8d6dfa98f7441
- SHA512: bc98cc58195392f944b82bdb8e246315c0b3670ec3f3ff8f44385fe14b8fdab942dc94ac87313a4c824bdb189b3b7eccb6b09e4781ebe49fb9a99f1e199a1bca
- SSDEEP: 98304:+houLKz8ObAUvRXrrmARbgc4RS6HrHbAdMd93J7OgVNLIKORMed6KSu:+h9LKz8CXhvrRL4RS67bAd63J7vREX0
Static task: static1
Malware Config
Extracted
- Family: amadey
- Version: 4.13
- C2: http://185.172.128.125
- install_dir: 4fdb51ccdc
- install_file: Utsysc.exe
- strings_key: a70b05054314f381be1ab9a5cdc8b250
- url_paths: /u6vhSc3PPq/index.php
Targets
- Target: 2514ec71e8ecb604c6b979d954ddb1d63402a513912000eaa3d8d6dfa98f7441 (size and hashes as listed under General)
Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext