General

Target: bcdc4c99c5db0927f727006bca8affc303798825188bbf166e76c600a4015ab4
Size: 1.8MB
Sample: 240327-wnc4zshf37
MD5: 2d8a1f40b64bd8c8b08f5fd4a75f00af
SHA1: 629443666dae380d7ffe7eb2ac5dcfa37b3878e0
SHA256: bcdc4c99c5db0927f727006bca8affc303798825188bbf166e76c600a4015ab4
SHA512: 1b52ee7f7a4640299591e3a34539ea8e1fe2c086e9261a0ba50b8f031e7a904b32500de60808ed97dc94c327b5cf6563b3cb27567791108d335ea70fcdb4d180
SSDEEP: 49152:xk6ZYm+57MNe1f5mjxkehKOlXy60CdBa37Li:x/ZnM1f50jhKOlptd07L
Static task: static1
Behavioral task: behavioral1
Sample: bcdc4c99c5db0927f727006bca8affc303798825188bbf166e76c600a4015ab4.exe
Resource: win7-20240220-en
Malware Config

Extracted
Family: amadey
Version: 4.17
C2: http://185.215.113.32
install_dir: 00c07260dc
install_file: explorgu.exe
strings_key: 461809bd97c251ba0c0c8450c7055f1d
url_paths: /yandex/index.php
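The extracted config is directly usable for detection: the C2 host joined with url_paths gives the check-in URL to look for in proxy logs, and install_dir plus install_file give the on-disk name of the persisted copy. The following is an added example, not part of the sandbox report or of any Amadey tooling. It only uses the values listed above; the parent directory the payload is written under is not stated on this page, so the path matcher keys solely on the last two path components (an assumption), and the proxy log lines and process image paths are constructed for the demonstration.

```python
"""IOC matchers built from the Amadey config extracted on this page.

Added example, not from the sandbox report. Anything the page does not state
(install parent directory, log format) is an assumption and marked as such.
"""
import re
from typing import Iterable
from urllib.parse import urlsplit

# Values copied from the extracted config on this page.
AMADEY_CONFIG = {
    "version": "4.17",
    "c2": ["http://185.215.113.32"],
    "install_dir": "00c07260dc",
    "install_file": "explorgu.exe",
    "url_paths": ["/yandex/index.php"],
}


def c2_urls(config: dict) -> list[str]:
    """Join every C2 base with every URL path, normalising the slash."""
    urls = []
    for base in config["c2"]:
        for path in config["url_paths"]:
            urls.append(base.rstrip("/") + "/" + path.lstrip("/"))
    return urls


def build_http_matcher(config: dict):
    """Return a predicate over request URLs that flags C2 check-ins.

    Matching is on (hostname, path) rather than the full URL, so a query
    string, a port, or a different scheme does not evade the check.
    """
    targets = set()
    for url in c2_urls(config):
        parts = urlsplit(url)
        targets.add((parts.hostname, parts.path))

    def match(url: str) -> bool:
        parts = urlsplit(url)
        return (parts.hostname, parts.path) in targets

    return match


# Assumption: the page gives only the directory and file name, so we match
# "<anything>\<install_dir>\<install_file>" regardless of the parent path.
PATH_RE_TEMPLATE = r"[\\/]{install_dir}[\\/]{install_file}$"


def build_path_matcher(config: dict):
    """Return a predicate over process image paths for the dropped copy."""
    pattern = re.compile(
        PATH_RE_TEMPLATE.format(
            install_dir=re.escape(config["install_dir"]),
            install_file=re.escape(config["install_file"]),
        ),
        re.IGNORECASE,
    )
    return lambda image_path: pattern.search(image_path) is not None


# Constructed sample telemetry (not captured from the sandbox run).
# Proxy format assumed here: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2024-03-27T10:01:02Z 10.0.0.5 POST http://185.215.113.32/yandex/index.php 200",
    "2024-03-27T10:01:05Z 10.0.0.5 GET http://185.215.113.32/yandex/index.php?x=1 200",
    "2024-03-27T10:02:00Z 10.0.0.6 GET https://example.com/yandex/index.php 200",
    "2024-03-27T10:03:00Z 10.0.0.7 GET http://185.215.113.32/other.php 404",
]

SAMPLE_PROCESS_EVENTS = [
    r"C:\Users\victim\AppData\Local\Temp\00c07260dc\explorgu.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Users\victim\Downloads\00c07260dc\EXPLORGU.EXE",
    r"C:\Users\victim\AppData\Local\Temp\explorgu.exe",
]


def scan_proxy_log(lines: Iterable[str], config: dict = AMADEY_CONFIG) -> list[str]:
    """Return the log lines whose request URL hits a configured C2 path."""
    match = build_http_matcher(config)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 4 and match(fields[3]):
            hits.append(line)
    return hits


def scan_process_events(paths: Iterable[str], config: dict = AMADEY_CONFIG) -> list[str]:
    """Return the image paths that look like the persisted Amadey copy."""
    match = build_path_matcher(config)
    return [p for p in paths if match(p)]


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("C2 hit:", hit)
    for hit in scan_process_events(SAMPLE_PROCESS_EVENTS):
        print("install path hit:", hit)
```

The same `/yandex/index.php` path on a host other than the configured C2 is deliberately not flagged: the path alone is too generic to act on, while the host-plus-path pair is specific to this configuration.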
Targets

Target: bcdc4c99c5db0927f727006bca8affc303798825188bbf166e76c600a4015ab4
Size: 1.8MB
MD5: 2d8a1f40b64bd8c8b08f5fd4a75f00af
SHA1: 629443666dae380d7ffe7eb2ac5dcfa37b3878e0
SHA256: bcdc4c99c5db0927f727006bca8affc303798825188bbf166e76c600a4015ab4
SHA512: 1b52ee7f7a4640299591e3a34539ea8e1fe2c086e9261a0ba50b8f031e7a904b32500de60808ed97dc94c327b5cf6563b3cb27567791108d335ea70fcdb4d180
SSDEEP: 49152:xk6ZYm+57MNe1f5mjxkehKOlXy60CdBa37Li:x/ZnM1f50jhKOlptd07L
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Executes dropped EXE

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger
Setting the ThreadHideFromDebugger information class on a thread stops it from reporting debug events, a common anti-debugging technique.