General
Target: 689ff816fc3db38894e81abbdf63c02b.exe
Size: 549KB
Sample: 241015-tmcqqatdqa
MD5: 689ff816fc3db38894e81abbdf63c02b
SHA1: aceb8ce81d4724d77a1b3031015f6e60d1139352
SHA256: f2ebbd96f7cf19aa8cc8b1273d1f80169de93ac4dde951ff4547177a11010945
SHA512: b7eefa534ab5b409718d8b2287983417299f78bfed6696bba1037d3c816c3cadd172e5d59b0ff6e4ee8abf340cbc396c1695a075e747030fa7f6d2bfcfb8ef4c
SSDEEP: 12288:MzW5JeQqp6xEWEoiH5KlCrX4FZg40rvM1BCpkLDapAGEhoCXOfNw9lu+eqQoEzwz:MzWCKlCroFWHr6BCCXau7X3pP7
Behavioral task: behavioral1
Sample: 689ff816fc3db38894e81abbdf63c02b.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 689ff816fc3db38894e81abbdf63c02b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: amadey
  5.03
  61b84f
  http://78.153.139.168
install_dir: 76c5995d57
install_file: Gxtuum.exe
strings_key: 9de0451ffa8c2fdfc09ef4161fee0a87
url_paths: /gfj38cHcw/index.php
Targets
Target: 689ff816fc3db38894e81abbdf63c02b.exe
Size: 549KB
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 4
    Credentials In Files: 3
    Credentials in Registry: 1