General
-
Target
JaffaCakes118_0ad22c62ad6c2d47a67e6363c4c581b4484535a1037dca85c0e6c56793130034
-
Size
383KB
-
Sample
241224-ctm2layqdv
-
MD5
fca659ae151e9601e395311c80affaf3
-
SHA1
4267eba1fd55cba76e72d239d32b44d7415ef0c7
-
SHA256
0ad22c62ad6c2d47a67e6363c4c581b4484535a1037dca85c0e6c56793130034
-
SHA512
c74044ee4f85a07a318a20830d39551fdb95dec61794f1cba6d71d2d4d76f5290ee3b191eb8c69a0cac7bd8a1229bc95111d7640abf9d66bdfc95b2bbfa512fa
-
SSDEEP
6144:kPOoI3LsLwU9DjVOxnbLdWdR+sVEPQs6FU6KdAHuzbgwuO0Q7ITsqpTmZwVfT:kP5I3Lo59OxbLdWQIvUwunnwQ7OT
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_0ad22c62ad6c2d47a67e6363c4c581b4484535a1037dca85c0e6c56793130034.exe
Resource
win7-20240903-en
Malware Config
Extracted
amadey
3.08
d00855
http://179.43.154.147
-
install_dir
9d5cca72fb
-
install_file
ftewk.exe
-
strings_key
9defde16baecb416084964a9b667f06e
-
url_paths
/d2VxjasuwS/index.php
Targets
-
-
Target
JaffaCakes118_0ad22c62ad6c2d47a67e6363c4c581b4484535a1037dca85c0e6c56793130034
-
Amadey family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-