General
-
Target
15d4314f2a105c16030e5d12291def5272072e67f10d4063184d2cb477c3438d
-
Size
1.9MB
-
Sample
240428-cbvzgsea5v
-
MD5
91cc81462f82c0fb9fcaba053cc9348f
-
SHA1
9b444adf901a2f5e1baf0d0c89034601fd8e2860
-
SHA256
15d4314f2a105c16030e5d12291def5272072e67f10d4063184d2cb477c3438d
-
SHA512
2f9b3ac8c3c41e9c8983b80575ae1807f327c28c4e2cbf178c14548ee70a4c240b6627267e807c8980bf43e317fd353bd3dcd0bed0e89b2281e192a9a9bb1fd1
-
SSDEEP
24576:EQg/bnlnCO3enM0safpTYF76Ts6Z4jSq2VXRa5UAloyp/RVAREnwHyM/iN4MMxaG:E3/bn5tYfhYF7Q4jY/4ZVbmdRsr
Static task
static1
Behavioral task
behavioral1
Sample
15d4314f2a105c16030e5d12291def5272072e67f10d4063184d2cb477c3438d.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
amadey
4.20
http://193.233.132.139
-
install_dir
5454e6f062
-
install_file
explorta.exe
-
strings_key
c7a869c5ba1d72480093ec207994e2bf
-
url_paths
/sev56rkm/index.php
Targets
-
-
Target
15d4314f2a105c16030e5d12291def5272072e67f10d4063184d2cb477c3438d
-
Size
1.9MB
-
MD5
91cc81462f82c0fb9fcaba053cc9348f
-
SHA1
9b444adf901a2f5e1baf0d0c89034601fd8e2860
-
SHA256
15d4314f2a105c16030e5d12291def5272072e67f10d4063184d2cb477c3438d
-
SHA512
2f9b3ac8c3c41e9c8983b80575ae1807f327c28c4e2cbf178c14548ee70a4c240b6627267e807c8980bf43e317fd353bd3dcd0bed0e89b2281e192a9a9bb1fd1
-
SSDEEP
24576:EQg/bnlnCO3enM0safpTYF76Ts6Z4jSq2VXRa5UAloyp/RVAREnwHyM/iN4MMxaG:E3/bn5tYfhYF7Q4jY/4ZVbmdRsr
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-