General
Target: f41dba98b7cac1e33a29914225546fcdcfdbd17258fe2c2622135b5fe0c26954.exe
Size: 577KB
Sample: 241113-klbycs1rak
MD5: ee62926a54f467266d5b1396668f81cd
SHA1: 8e94692234c5856ffe8c52ea010dd0c38f3fec5d
SHA256: f41dba98b7cac1e33a29914225546fcdcfdbd17258fe2c2622135b5fe0c26954
SHA512: 2172ea31e52296175f1e1bcc36695e4083568c93d5fc7f45b21b41ea650b4ef8090307540ba9a25902a3ac4b34bba07f3ab1563e46989d8542f9893c5ea388f2
SSDEEP: 12288:ky90sAsrEqTz7Vm4hyKZDBpprmKbI5YYNrqGhMfE0ZCsFwml:ky5AsgfomK8BZqGwEaCsSml
Static task: static1
Malware Config
Extracted
Family: amadey
3.80
9c0adb
http://193.3.19.154
install_dir: cb7ae701b3
install_file: oneetx.exe
strings_key: 23b27c80db2465a8e1dc15491b69b82f
url_paths: /store/games/index.php
Targets
Target: f41dba98b7cac1e33a29914225546fcdcfdbd17258fe2c2622135b5fe0c26954.exe
- Amadey family
- Detects Healer, an antivirus disabler dropper
- Healer family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job: Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job: Scheduled Task (1)