General
-
Target
f8274acc41a3a96dc6b2b7a1873a9b4d9f05153fa744f418090a03f44d4dfd27
-
Size
1.8MB
-
Sample
240330-y6pa3sdg61
-
MD5
0172d995ea7ecde026c6a6fdeffb3584
-
SHA1
c90ecbab5fdc561902f45c68852c181f1039879c
-
SHA256
f8274acc41a3a96dc6b2b7a1873a9b4d9f05153fa744f418090a03f44d4dfd27
-
SHA512
1253512b69bb625658588d099180bd136c4897f6abdc45bfa98da6c7bda5a660d38e2fa6a1649f1670f9faba3384489217ab16e59ff2f8c066eee72cb7e380ef
-
SSDEEP
49152:nLoi2Hz68FLfn2h5/qEbTiQ+K7B4qgUe5n:nn2+afazgOLk
Static task
static1
Behavioral task
behavioral1
Sample
f8274acc41a3a96dc6b2b7a1873a9b4d9f05153fa744f418090a03f44d4dfd27.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
amadey
4.18
http://193.233.132.56
-
install_dir
09fd851a4f
-
install_file
explorha.exe
-
strings_key
443351145ece4966ded809641c77cfa8
-
url_paths
/Pneh2sXQk0/index.php
Targets
-
-
Target
f8274acc41a3a96dc6b2b7a1873a9b4d9f05153fa744f418090a03f44d4dfd27
-
Size
1.8MB
-
MD5
0172d995ea7ecde026c6a6fdeffb3584
-
SHA1
c90ecbab5fdc561902f45c68852c181f1039879c
-
SHA256
f8274acc41a3a96dc6b2b7a1873a9b4d9f05153fa744f418090a03f44d4dfd27
-
SHA512
1253512b69bb625658588d099180bd136c4897f6abdc45bfa98da6c7bda5a660d38e2fa6a1649f1670f9faba3384489217ab16e59ff2f8c066eee72cb7e380ef
-
SSDEEP
49152:nLoi2Hz68FLfn2h5/qEbTiQ+K7B4qgUe5n:nn2+afazgOLk
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-