General
-
Target
a575bc46ca73e0a3a0a0fc940088de7eb631d7853e536b697ef94adc2c8021ae
-
Size
1.8MB
-
Sample
240326-sesxascg57
-
MD5
9006c31b945dad73e8b7990ce8a771a6
-
SHA1
6b9669d85db633e3f112ca64db838be6d5cf168d
-
SHA256
a575bc46ca73e0a3a0a0fc940088de7eb631d7853e536b697ef94adc2c8021ae
-
SHA512
f5cb059f42807431cba2cab023d331da53a923f783e11d406f610cd6527df5524ab32f4519a5b1c767f10bb39790facb5add7211b5406794212683d549df6a0d
-
SSDEEP
49152:+O/MyRqrbsikX1g6t2C7ZLtbSLXcIl29+vNko4C:+OZRqr0T/7P2To9+1koH
Static task
static1
Behavioral task
behavioral1
Sample
a575bc46ca73e0a3a0a0fc940088de7eb631d7853e536b697ef94adc2c8021ae.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
amadey
4.17
http://185.215.113.32
-
install_dir
00c07260dc
-
install_file
explorgu.exe
-
strings_key
461809bd97c251ba0c0c8450c7055f1d
-
url_paths
/yandex/index.php
Extracted
amadey
4.17
http://185.215.113.32
-
strings_key
461809bd97c251ba0c0c8450c7055f1d
-
url_paths
/yandex/index.php
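Turning the extracted config into something actionable, as an added example (not part of the report and not the sandbox's own code): the script below builds the check-in URL and the expected install path from the values above, matches them against constructed proxy and Sysmon log lines, and carries an RC4 routine for the strings_key. The %TEMP%\<install_dir>\<install_file> drop location and the use of strings_key as a literal ASCII RC4 key are assumptions taken from public Amadey write-ups, not facts this report states; the victim profile path and the log lines are constructed.

```python
from urllib.parse import urlsplit

# Values copied from the extracted config above; the host, install directory,
# file name and key are the report's, everything else here is added.
AMADEY_CONFIG = {
    "version": "4.17",
    "c2": ["http://185.215.113.32"],
    "url_paths": ["/yandex/index.php"],
    "install_dir": "00c07260dc",
    "install_file": "explorgu.exe",
    "strings_key": "461809bd97c251ba0c0c8450c7055f1d",
}


def c2_urls(cfg):
    """Full check-in URLs: every C2 base joined with every url_path."""
    return [base.rstrip("/") + path for base in cfg["c2"] for path in cfg["url_paths"]]


def install_path(cfg, temp_dir=r"C:\Users\victim\AppData\Local\Temp"):
    """Expected on-disk copy. Assumption: Amadey drops itself under
    %TEMP%\\<install_dir>\\<install_file>; the user profile is a placeholder."""
    return "\\".join([temp_dir, cfg["install_dir"], cfg["install_file"]])


def match_log_lines(cfg, lines):
    """Return (line_number, reason) for lines touching the C2 host or the install path."""
    hosts = {urlsplit(base).hostname for base in cfg["c2"]}
    paths = set(cfg["url_paths"])
    drop = "\\".join([cfg["install_dir"], cfg["install_file"]]).lower()
    hits = []
    for n, line in enumerate(lines, 1):
        host_hit = any(h in line for h in hosts)
        if host_hit and any(p in line for p in paths):
            hits.append((n, "C2 check-in"))
        elif host_hit:
            hits.append((n, "C2 host contact"))
        elif drop in line.lower():
            hits.append((n, "install path"))
    return hits


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_string(cfg, hex_blob: str) -> str:
    """Decrypt one hex-encoded string using strings_key as the literal ASCII RC4 key.
    Assumption: this is how Amadey 4.x obfuscates its strings; verify on the sample."""
    return rc4(cfg["strings_key"].encode(), bytes.fromhex(hex_blob)).decode("latin-1")


# Constructed log lines (not from the sandbox run) to exercise the matcher.
SAMPLE_LOG = [
    "2024-03-26T12:00:01Z proxy src=10.0.0.5 method=POST url=http://185.215.113.32/yandex/index.php status=200",
    "2024-03-26T12:00:03Z proxy src=10.0.0.5 method=GET url=http://185.215.113.32/yandex/files/1.exe status=200",
    r"2024-03-26T12:00:05Z sysmon EventID=11 TargetFilename=C:\Users\victim\AppData\Local\Temp\00c07260dc\explorgu.exe",
    "2024-03-26T12:00:07Z proxy src=10.0.0.7 method=GET url=http://example.com/index.php status=200",
]

if __name__ == "__main__":
    print(c2_urls(AMADEY_CONFIG))
    print(install_path(AMADEY_CONFIG))
    for n, why in match_log_lines(AMADEY_CONFIG, SAMPLE_LOG):
        print(f"line {n}: {why}")
```

A bare hit on the host without the url_path is worth keeping as a separate reason: the second extracted config has no install values, so a follow-on download from the same host (the "Downloads MZ/PE file" signature) would otherwise be missed. The RC4 routine is only useful once you have pulled the encrypted blobs out of the binary; the known RC4 vector ("Key"/"Plaintext") is a sanity check on the routine itself, not on the sample.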
Targets
-
-
Target
a575bc46ca73e0a3a0a0fc940088de7eb631d7853e536b697ef94adc2c8021ae
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
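The signatures above fire on a handful of well-known registry locations and one native API call. As an added example, not the sandbox's own rules and not code from the report, the script below encodes those checks and runs them over a constructed Procmon-style trace. The event format, the path list and the sample events are this example's own; the GeoID note in the sample is general Windows knowledge, not a value the sample was observed reading.

```python
import re
from collections import Counter

# Registry locations behind the report's signatures (well-known VM/sandbox artefacts).
REGISTRY_SIGNATURES = [
    ("anti-vm: VirtualBox ACPI tables",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("anti-sandbox: BIOS information",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)", re.I)),
    ("geofence: computer location (GeoID)",
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("anti-sandbox: Wine",
     re.compile(r"^(HKLM|HKCU)\\Software\\Wine(\\|$)", re.I)),
]

# NtSetInformationThread with ThreadHideFromDebugger (info class 0x11) stops the
# calling thread from delivering debug events to an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
API_SIGNATURES = {
    ("NtSetInformationThread", THREAD_HIDE_FROM_DEBUGGER): "anti-debug: ThreadHideFromDebugger",
}


def classify_event(event):
    """Return the signature names an event triggers (empty list when nothing matches)."""
    tags = []
    if event.get("type") == "registry":
        for name, pattern in REGISTRY_SIGNATURES:
            if pattern.search(event["path"]):
                tags.append(name)
    elif event.get("type") == "api":
        name = API_SIGNATURES.get((event.get("api"), event.get("info_class")))
        if name:
            tags.append(name)
    return tags


def summarize(events):
    """Count events per signature; hits across several categories is the strong signal."""
    counts = Counter()
    for ev in events:
        counts.update(classify_event(ev))
    return counts


def categories(summary):
    """Distinct technique categories (the part before the colon) present in a summary."""
    return sorted({name.split(":")[0] for name in summary})


# Constructed trace (not the sandbox's log) in a Procmon-like shape.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "RegOpenKey", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry", "op": "RegOpenKey", "path": r"HKLM\HARDWARE\ACPI\FADT\VBOX__"},
    {"type": "registry", "op": "RegQueryValue", "path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"type": "registry", "op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation", "value": "244"},  # GeoID 244 = United States
    {"type": "registry", "op": "RegOpenKey", "path": r"HKCU\Software\Wine"},
    {"type": "registry", "op": "RegOpenKey", "path": r"HKLM\Software\Wine"},
    {"type": "registry", "op": "RegQueryValue", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},  # ordinary OS fingerprinting, no signature
    {"type": "api", "api": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"type": "api", "api": "NtSetInformationThread", "info_class": 0x2},  # ThreadPriority: benign
]

if __name__ == "__main__":
    for name, count in summarize(SAMPLE_EVENTS).items():
        print(f"{count}x {name}")
    print("categories:", categories(summarize(SAMPLE_EVENTS)))
```

Each lookup on its own is common in legitimate software (installers read the BIOS vendor, localisation code reads Geo\Nation), which is why the sandbox lists them as separate signatures; the anti-vm, anti-sandbox, geofence and anti-debug checks appearing together in one process, before any network activity, is what makes the combination worth alerting on.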