General
Target: JaffaCakes118_10a7d83a5560c2ad097c43ad2654e1f31f065be4e4b3bb59628b36c08f829a48
Size: 163KB
Sample: 241223-3k9r4svmhz
MD5: 86b3d79b6b43440a0aa881f477100abf
SHA1: 23f7268bdb475a33d6bfec4debd14e0a8dca3b50
SHA256: 10a7d83a5560c2ad097c43ad2654e1f31f065be4e4b3bb59628b36c08f829a48
SHA512: 319e98c2a6ff91ddd81359e1134199f4ebd1734dc3454eb32d3d6bb21b6ed67981e20d47850b9593de612d3c84cd85c13dbd02556807b0ab1c01e1bf9bce761e
SSDEEP: 3072:I24Q+EJ64RjJ87MbUVRW83xUjr1ZS+JufkszE0AFyNwm+YK3Knpva2oVVFlR:I24QB7j8Qg083xCr++JEkmE09wmm8aNB
Static task: static1
Behavioral task: behavioral1
Sample: 914935fe8c30b7184ccfa19097c53eca43dd157b63c29429171a194dce8f9af2.exe
Resource: win7-20241010-en
Malware Config
Extracted
amadey
3.50
0237fa
http://193.56.146.194
install_dir: 50c1695437
install_file: rovwer.exe
strings_key: b6d412dd2efdf33d84e939e52040748f
url_paths: /h49vlBP/index.php
Targets
Target: 914935fe8c30b7184ccfa19097c53eca43dd157b63c29429171a194dce8f9af2.exe
Size: 212KB
MD5: f57c2b72ee75c357a12ce03a08be95b8
SHA1: c0e8867ac37614f7e0e40fab9a66b9c6ef1c3249
SHA256: 914935fe8c30b7184ccfa19097c53eca43dd157b63c29429171a194dce8f9af2
SHA512: 59123bbe391f391b3c248f5be7889fad1cc806bbcbbe9ed1653c3ca687f7d27f21ba7e75215e225ddc04e29195d5e5a712e7a6219968eb1ff0e74c32d69da5da
SSDEEP: 3072:qeJLLpTnq5URrqNqYd31LgpI01TEr4J6anBbkPzHM38ad:zLLpThR4qYh1UG01TEr4nWw38s

Signatures
Amadey family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL