General
- Target: 3de42e8dcad7071ee556ce2ac67ec15f829ee2aa25b93afdedbf4fe9ec56b90b
- Size: 2.7MB
- Sample: 231207-k11j9sgg87
- MD5: df6a107318dc367387a3dfa488ac33d1
- SHA1: 01047cdd570753ec8e66f2103e672cf05791fbdf
- SHA256: 85c07ff26092a615e59d53e4a8ebe1833aa68c77065d806d3a5c53a1dd084d2c
- SHA512: ae275bb4b3e29eb120ff2c344eaadc41560282f81cfb6bd544d7fa8cf933ac5767c96ef0a5aca8dca54d93525f97fdb473dbd850a3d836d528db97f0a28ed115
- SSDEEP: 49152:qBv1bwol/V7wiDAai1Yc882p3PqcZO8bTzJhmpd69cR/Zy:qTbwiDni1Yc88eNR3zc+cRs
Behavioral task: behavioral1
- Sample: 3de42e8dcad7071ee556ce2ac67ec15f829ee2aa25b93afdedbf4fe9ec56b90b.exe
- Resource: win7-20231023-en
Malware Config
Extracted: amadey 4.13
http://185.172.128.125
- install_dir: 4fdb51ccdc
- install_file: Utsysc.exe
- strings_key: a70b05054314f381be1ab9a5cdc8b250
- url_paths: /u6vhSc3PPq/index.php
Targets
- Target: 3de42e8dcad7071ee556ce2ac67ec15f829ee2aa25b93afdedbf4fe9ec56b90b
- Size: 3.3MB
- MD5: 1f912c12896eb6942bd3f067d47b9250
- SHA1: 8925008534a6149eaf6c47182cb7e1d89ed59471
- SHA256: 3de42e8dcad7071ee556ce2ac67ec15f829ee2aa25b93afdedbf4fe9ec56b90b
- SHA512: 682cd0638af81715232d6bc8fd7b1378d97d99595ef396d536f2b605e12d7ab162b50acfc09c94f039114e7307d8076f7cc5098a149e98e35b40f4dbeaffb5ce
- SSDEEP: 49152:galdj8F1suOpRK+QjdtI1c7zwosyw91G9R/Ma8pM3h/4tTdS/r:gsdIsuOpRK+QxQy+G9k+/4tTar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger