General
-
Target
c1178ed298b594b66e6343d9f812bb558eb5c2624d4734bc90a50fd663a2e7e5
-
Size
1.7MB
-
Sample
240522-axztfseh44
-
MD5
adadd3064c083adb28aab7ff08946eb7
-
SHA1
f955cc9706079c404a79c81e47880017e451801c
-
SHA256
c1178ed298b594b66e6343d9f812bb558eb5c2624d4734bc90a50fd663a2e7e5
-
SHA512
9a19166007cdaecc2d3cc5a16cff43bad72f72cd53a0e6d24a2c4324a35b0f9d5bf6488b9abec5cc347251b5b43a64c2370b452e52c106f6c418128f72439e8a
-
SSDEEP
49152:CXkELXujhUZv5BW6YSWM1mGSscD393QVzy0IbRvj:CXkEyjhIhBW6YSBmGMDx+zARvj
Behavioral task
behavioral1
Sample
c1178ed298b594b66e6343d9f812bb558eb5c2624d4734bc90a50fd663a2e7e5.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
-
Family
amadey
-
Version
4.20
-
Botnet
18befc
-
C2
http://5.42.96.141
-
install_dir
908f070dff
-
install_file
explorku.exe
-
strings_key
b25a9385246248a95c600f9a061438e1
-
url_paths
/go34ko8/index.php
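Operationalising the extracted config, as an added example that is not part of this report or of the sandbox's own tooling: it turns the C2, url_paths, install_dir and install_file values into network and host indicators, emits a Suricata rule for the beacon URL, and runs the indicators over a few constructed proxy-log lines and process-creation events. The log line layout, the process-event fields, the rule sid and the remark that Amadey 4.x persists under the user's temp folder are assumptions; only the config values are taken from the page.

```python
import re
from urllib.parse import urlparse

# Values copied from the extracted config above.
AMADEY_CONFIG = {
    "family": "amadey",
    "version": "4.20",
    "botnet": "18befc",
    "c2": "http://5.42.96.141",
    "install_dir": "908f070dff",
    "install_file": "explorku.exe",
    "url_paths": ["/go34ko8/index.php"],
}


def c2_urls(cfg):
    """Full C2 URLs: the C2 host joined with each configured URL path."""
    return [cfg["c2"].rstrip("/") + p for p in cfg["url_paths"]]


def install_path_suffix(cfg):
    r"""Tail of the on-disk path of the persisted copy: \<install_dir>\<install_file>.

    Only the suffix comes from the config. The parent directory (assumption:
    Amadey 4.x usually uses the user's temp folder) is not in the config and
    is deliberately not hard-coded, so the match is done on the suffix.
    """
    return "\\" + cfg["install_dir"] + "\\" + cfg["install_file"]


def suricata_rule(cfg, sid):
    """Suricata rule for a request to the C2 host on the first configured path."""
    host = urlparse(cfg["c2"]).hostname
    return (
        f'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        f'msg:"{cfg["family"]} {cfg["version"]} C2 beacon ({cfg["botnet"]})"; '
        f'flow:established,to_server; '
        f'http.host; content:"{host}"; '
        f'http.uri; content:"{cfg["url_paths"][0]}"; '
        f'sid:{sid}; rev:1;)'
    )


def match_network(cfg, lines):
    """Return log lines whose URL hits the C2 host on a configured path.

    Host and path are compared separately, so the C2 IP serving another
    path, or another host serving the same path, does not match.
    """
    c2_host = urlparse(cfg["c2"]).hostname
    hits = []
    for line in lines:
        for url in re.findall(r"https?://\S+", line):
            parsed = urlparse(url)
            if parsed.hostname == c2_host and parsed.path in cfg["url_paths"]:
                hits.append(line)
                break
    return hits


def match_process(cfg, events):
    r"""Return process events whose image path ends in \<install_dir>\<install_file>."""
    suffix = install_path_suffix(cfg).lower()
    return [e for e in events if e["image"].lower().endswith(suffix)]


# Constructed sample data (not from the report): three proxy-log lines and
# two process-creation events in a minimal, made-up layout.
SAMPLE_PROXY_LOG = [
    "2024-05-22T10:01:03Z 10.0.0.12 POST http://5.42.96.141/go34ko8/index.php 200",
    "2024-05-22T10:01:09Z 10.0.0.12 GET http://5.42.96.141/robots.txt 404",
    "2024-05-22T10:02:44Z 10.0.0.17 GET http://example.com/go34ko8/index.php 200",
]
SAMPLE_PROCESS_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\victim\AppData\Local\Temp\908f070dff\explorku.exe"},
    {"pid": 1836, "image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    print(c2_urls(AMADEY_CONFIG))
    print(suricata_rule(AMADEY_CONFIG, 1000001))
    for hit in match_network(AMADEY_CONFIG, SAMPLE_PROXY_LOG):
        print("network hit:", hit)
    for ev in match_process(AMADEY_CONFIG, SAMPLE_PROCESS_EVENTS):
        print("process hit:", ev["image"])
```

Matching on host and path together rather than on either alone keeps the rule from firing on unrelated traffic to the same IP, and matching the install path by its suffix survives the per-user temp directory that the config does not encode.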
Targets
-
Target
c1178ed298b594b66e6343d9f812bb558eb5c2624d4734bc90a50fd663a2e7e5
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-