General
- Target: 2b6c606a88c3c7c3d9ced145f43d864dfd307e35da5bc61792c183d54fba29ec
- Size: 1.8MB
- Sample: 240523-21yjcacg2x
- MD5: 97aca3e79ee54a3eff17a8ed25bc037d
- SHA1: 9a835971559040f587d8697379fd1e2396c7a3a8
- SHA256: 2b6c606a88c3c7c3d9ced145f43d864dfd307e35da5bc61792c183d54fba29ec
- SHA512: 7ffa1f7e657816c4fc2ca82a6cb149a5ad7e0a1f79ace3814d1deace6152fb5235f866f984a290ce3bf2865574e09d5a966b2e834e34c81d55eb2c7d6c3f62e7
- SSDEEP: 49152:HuBpoyH1HL/3TML6pbSmocg/Ety6ZCh8Dx3O46eaPPX0fTQd:HuTSwolAVtV3cMfUd
Static task: static1
Behavioral task: behavioral1
- Sample: 2b6c606a88c3c7c3d9ced145f43d864dfd307e35da5bc61792c183d54fba29ec.exe
- Resource: win7-20240508-en
Malware Config
Extracted
- Family: amadey
- Version: 4.20
- Botnet: c767c0
- C2: http://5.42.96.7
- install_dir: 7af68cdb52
- install_file: axplons.exe
- strings_key: e2ce58e78f631ed97d01fe7b70e85d5e
- url_paths: /zamo7h/index.php
Targets
- Target: 2b6c606a88c3c7c3d9ced145f43d864dfd307e35da5bc61792c183d54fba29ec
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger