General
- Target: 3BAF8F1B9532A7ACEDBE8D5EC0922E47B232718542C6E.exe
- Size: 3.7MB
- Sample: 221127-3pesjacg2s
- MD5: 31f3dee65723f26fc727d2b640b53733
- SHA1: ca2676ebf7026b3bd4bc23d513811c382d67b5fc
- SHA256: 3baf8f1b9532a7acedbe8d5ec0922e47b232718542c6e45d9328dffeafe3d7de
- SHA512: 968b31a35ce4a7ddad7884db7db3426089ff21ce0da8f755e6ce1f9cf4172bab488e9155aa483d370cec190c8539cdec8ed1a3a1b32bf5d0edfaacbd7bba04b0
- SSDEEP: 98304:zlyRnSo1TPftn7kdXWXskxmK1STB0H6AitRGqG:KnSoRNn7cmjwBoditRGqG
Behavioral task
- behavioral1
- Sample: 3BAF8F1B9532A7ACEDBE8D5EC0922E47B232718542C6E.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: amadey
- Version: 3.01
- C2: bebraboysclub.hk/g8lvleE2z/index.php
Targets
- Target: 3BAF8F1B9532A7ACEDBE8D5EC0922E47B232718542C6E.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger