General
Target: 61a74fc2932e5366c94003627a076983386b0b99749b8056d044a0b47f4b19cd
Size: 1.7MB
Sample: 240523-2vnf7acd21
MD5: 077d26e77094024063e926d5bb6be1ea
SHA1: a64d41d37c1ae9da2cd814bf4b3d4bd9999a879c
SHA256: 61a74fc2932e5366c94003627a076983386b0b99749b8056d044a0b47f4b19cd
SHA512: 75565519eaf7b7a0ea935d865745bb9d7eb4c16f1ca7b9c2b38b006c02dd9893c9ee4be3c4534593ea2da99771f6cd68d0e6334c8ee82436d10da260a4e18763
SSDEEP: 24576:2eoBQ7elePDKl/ndJLD4Aq48NjFqq6VhClLR1wB80BGcJxitU25xt3D84WpL4ZxV:N2QyleLKhddDdInN1UBG1U2RD7GLIqo
Behavioral task: behavioral1
Sample: 61a74fc2932e5366c94003627a076983386b0b99749b8056d044a0b47f4b19cd.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: amadey
Version: 4.20
Botnet: 18befc
C2: http://5.42.96.141
install_dir: 908f070dff
install_file: explorku.exe
strings_key: b25a9385246248a95c600f9a061438e1
url_paths: /go34ko8/index.php
Targets
Target: 61a74fc2932e5366c94003627a076983386b0b99749b8056d044a0b47f4b19cd
(Size and hashes for this target are identical to those listed under General above.)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE