General
-
Target
amadey.exe
-
Size
231KB
-
Sample
240701-wjsc4s1eph
-
MD5
3dd072d71907f6d5a5b046908c081f11
-
SHA1
6432c3dacb6e4dec30ad44cc92f79d4a0156affd
-
SHA256
1783a69593b72237fce4111d231ab3c919f9220e8baf8b2216c488d4dbedcdf1
-
SHA512
2f6a4df887ad59e8b34644e8832f843f0f3c84171dbd8ceee9e1ec348684ba43a7ab4f2864464e343c8a17bc147839add11c939dfcea4fd60f79f48b89010453
-
SSDEEP
6144:0s9bFCavQJdMSzPgI0KIikB/NiFEZu7dRmV:pbFCRMcRIiTFgu7dR
Behavioral task
behavioral1
Sample
amadey.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
amadey.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
amadey
3.84
dee301
http://109.206.241.33
-
install_dir
73456c80a6
-
install_file
jbruyer.exe
-
strings_key
ba1b310f6d9af5c6a5f24008b410aec0
-
url_paths
/9bDc8sQ/index.php
Targets
-
-
Target
amadey.exe
-
Size
231KB
-
MD5
3dd072d71907f6d5a5b046908c081f11
-
SHA1
6432c3dacb6e4dec30ad44cc92f79d4a0156affd
-
SHA256
1783a69593b72237fce4111d231ab3c919f9220e8baf8b2216c488d4dbedcdf1
-
SHA512
2f6a4df887ad59e8b34644e8832f843f0f3c84171dbd8ceee9e1ec348684ba43a7ab4f2864464e343c8a17bc147839add11c939dfcea4fd60f79f48b89010453
-
SSDEEP
6144:0s9bFCavQJdMSzPgI0KIikB/NiFEZu7dRmV:pbFCRMcRIiTFgu7dR
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-