General
-
Target
b5153257171efca2a7d2e98961b424ac9cc527c6cc273c8e7efefbdf7ed48212
-
Size
3.8MB
-
Sample
220515-16l7tsbcep
-
MD5
45f42d0f24c52fbd7c8e4005627c3096
-
SHA1
f74df9753a830d151cda0efc13e939043f4e510e
-
SHA256
b5153257171efca2a7d2e98961b424ac9cc527c6cc273c8e7efefbdf7ed48212
-
SHA512
7c71b6e1c12a057c5b865998b8bc3de29ebcd1fd9cc48f1a413015eb9f323b3941e23219075629aebe535b96626a025068cd988e089a90c98d3aed6e866c6477
Behavioral task
behavioral1
Sample
b5153257171efca2a7d2e98961b424ac9cc527c6cc273c8e7efefbdf7ed48212.exe
Resource
win7-20220414-en
Malware Config
Extracted
amadey
3.01
bebraboysclub.hk/g8lvleE2z/index.php
Targets
-
-
Target
b5153257171efca2a7d2e98961b424ac9cc527c6cc273c8e7efefbdf7ed48212
-
Size
3.8MB
-
MD5
45f42d0f24c52fbd7c8e4005627c3096
-
SHA1
f74df9753a830d151cda0efc13e939043f4e510e
-
SHA256
b5153257171efca2a7d2e98961b424ac9cc527c6cc273c8e7efefbdf7ed48212
-
SHA512
7c71b6e1c12a057c5b865998b8bc3de29ebcd1fd9cc48f1a413015eb9f323b3941e23219075629aebe535b96626a025068cd988e089a90c98d3aed6e866c6477
-
Modifies security service
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-