General
- Target: deee42649f32b19c50ea38026022d0f717173ad42fd91291d76aed3ee92ea1ef
- Size: 1.8MB
- Sample: 240331-sc1t5aed94
- MD5: 04174a473f674ad9727cc49ef0d80182
- SHA1: 678b428cb4cbd8ba99b16bab82a41932dc06ae88
- SHA256: deee42649f32b19c50ea38026022d0f717173ad42fd91291d76aed3ee92ea1ef
- SHA512: 5d578705529afe7e63e0cfc48e5be008faec99eae75534f62d8f806ed82ad91ceea84417247a96608411cb704ac2c1d404dc76678f0885c7d3107bb02de7697b
- SSDEEP: 49152:kyW6EBOujIJPy0UgPi1n1w2A0Tp9c87xATg2p9iu2U4:kyW6E/xg+nq6Tpa6q52U4
Static task: static1
Behavioral task: behavioral1
- Sample: deee42649f32b19c50ea38026022d0f717173ad42fd91291d76aed3ee92ea1ef.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- amadey
- 4.17
- http://185.215.113.32
- install_dir: 00c07260dc
- install_file: explorgu.exe
- strings_key: 461809bd97c251ba0c0c8450c7055f1d
- url_paths: /yandex/index.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger