General
Target: 47320da4317411d20f4d1db59ff58322fbe0e15966fbce261360e76b16613e0c
Size: 1.8MB
Sample: 240523-3ce8jadb2w
MD5: 6a6b4b7a18b213f91f5a0be6b915dcef
SHA1: 5e3850bbfa576a31b45bbfdde5b2634717c0dc0a
SHA256: 47320da4317411d20f4d1db59ff58322fbe0e15966fbce261360e76b16613e0c
SHA512: 75e7b0a196d16516d02e0dc4cbb27358c377607d7770ea166d0f74ce3a0e62d32d6f4dfe8c95bc4ec81d9042de19dd67f69968db3b5da8aa9d51021c25e22b81
SSDEEP: 49152:cW5Au+gql5SNdMufdDh2PfE6CdJwKjI8bKp:/8vYWCdeH
Static task: static1
Behavioral task: behavioral1
Sample: 47320da4317411d20f4d1db59ff58322fbe0e15966fbce261360e76b16613e0c.exe
Resource: win7-20240220-en
Malware Config
Extracted
Family: amadey
Version: 4.20
Botnet: c767c0
C2: http://5.42.96.7
install_dir: 7af68cdb52
install_file: axplons.exe
strings_key: e2ce58e78f631ed97d01fe7b70e85d5e
url_paths: /zamo7h/index.php
The beacon URL is the C2 base joined with url_paths (http://5.42.96.7/zamo7h/index.php); install_dir and install_file are the directory and file name the loader uses for its installed copy, and strings_key is the key the sample uses to decode its embedded strings.
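One way to turn the extracted config above into actionable indicators and sweep a proxy log for them (added example, not part of the sandbox report). The config values are copied from this page; the log line format (`<timestamp> <client> "<method> <url> HTTP/x.y" <status>`) and the log lines themselves are constructed for illustration, and the 203.0.113.9 host is a documentation address standing in for a rotated C2:

```python
"""Derive IOCs from an Amadey config and match them against proxy log lines."""
import re
from urllib.parse import urlparse

# Values copied from the extracted config on this page.
CONFIG = {
    "c2": ["http://5.42.96.7"],
    "url_paths": ["/zamo7h/index.php"],
    "install_dir": "7af68cdb52",
    "install_file": "axplons.exe",
}


def c2_urls(config):
    """Every C2 base combined with every beacon path -> full beacon URLs."""
    return [base.rstrip("/") + path
            for base in config["c2"] for path in config["url_paths"]]


def c2_hosts(config):
    return {urlparse(base).hostname for base in config["c2"]}


def host_indicators(config):
    # The report does not state the parent directory the loader installs
    # into, so only the relative <install_dir>\<install_file> path is emitted.
    return [config["install_dir"] + "\\" + config["install_file"]]


# Assumed proxy log layout: <timestamp> <client> "<method> <url> HTTP/x.y" <status>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def match_proxy_log(lines, config):
    """Return (client, url, reason) for each line touching a C2 indicator.

    A full host+path match is the strongest signal; the path alone on an
    unknown host is still worth a look because Amadey operators rotate C2
    hosts while keeping the same script path.
    """
    hosts = c2_hosts(config)
    paths = set(config["url_paths"])
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        u = urlparse(m["url"])
        if u.hostname in hosts and u.path in paths:
            reason = "c2_url"
        elif u.hostname in hosts:
            reason = "c2_host"
        elif u.path in paths:
            reason = "c2_path"
        else:
            continue
        hits.append((m["src"], m["url"], reason))
    return hits


# Constructed sample log: one beacon, one other request to the C2 host,
# one benign request, one beacon path on a different (rotated) host.
SAMPLE_LOG = [
    '2024-05-23T10:01:02Z 10.0.0.15 "POST http://5.42.96.7/zamo7h/index.php HTTP/1.1" 200',
    '2024-05-23T10:01:05Z 10.0.0.15 "GET http://5.42.96.7/zamo7h/update.bin HTTP/1.1" 200',
    '2024-05-23T10:02:00Z 10.0.0.22 "GET http://example.com/index.php HTTP/1.1" 200',
    '2024-05-23T10:03:00Z 10.0.0.31 "POST http://203.0.113.9/zamo7h/index.php HTTP/1.1" 200',
]

if __name__ == "__main__":
    print("beacon URLs:", c2_urls(CONFIG))
    print("host IOCs:", host_indicators(CONFIG))
    for src, url, reason in match_proxy_log(SAMPLE_LOG, CONFIG):
        print(f"{src} -> {url} [{reason}]")
```

The match on path alone deliberately keys on the full `/zamo7h/index.php` string rather than on `index.php`, which would flag half the web; if the sweep produces `c2_path` hits on hosts outside the config, treat those hosts as candidate C2 and check whether the same client also shows `c2_url` traffic.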
Targets
Target: 47320da4317411d20f4d1db59ff58322fbe0e15966fbce261360e76b16613e0c (same file and hashes as under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose firmware tables under HKLM\HARDWARE\ACPI whose subkeys carry the VBOX__ OEM identifier; reading them is a common check for running inside VirtualBox.
- Checks BIOS information in registry
  BIOS information, such as the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System, is often read in order to detect sandboxing environments, because hypervisors leave vendor strings there.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; it is recognised by registry keys such as HKCU\Software\Wine that do not exist on a real Windows installation.
- Loads dropped DLL
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events from that thread being delivered to an attached debugger, a common anti-debugging technique.
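Detection logic for the anti-analysis signatures listed above, run over API-trace lines (added example, not part of the sandbox report or of the sandbox's own rule set). The registry locations are the well-known ones behind each check; the trace line layout (`<pid> <api> <args>`) and the trace lines themselves are constructed for illustration:

```python
"""Map API-trace lines to the anti-VM / anti-debug signatures on this page."""
import re

# Well-known registry locations behind the three registry-based signatures.
SIGNATURE_KEYS = {
    "virtualbox_acpi": [
        r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
        r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
        r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    ],
    "bios_info": [
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
        r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    ],
    "wine": [r"HKCU\Software\Wine", r"HKLM\Software\Wine"],
}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger
REGISTRY_APIS = (
    "RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW",
    "NtOpenKey", "NtQueryValueKey",
)


def _norm(path):
    """Case-insensitive, backslash-only form for registry path comparison."""
    return path.strip().replace("/", "\\").lower()


def _under(key, base):
    """True if key is base itself or a value/subkey beneath it."""
    key, base = _norm(key), _norm(base)
    return key == base or key.startswith(base + "\\")


def classify(line):
    """Return the signature name a single trace line triggers, or None."""
    parts = line.split(maxsplit=2)  # assumed layout: <pid> <api> <args>
    if len(parts) < 3:
        return None
    _pid, api, args = parts
    if api in REGISTRY_APIS:
        for sig, keys in SIGNATURE_KEYS.items():
            if any(_under(args, k) for k in keys):
                return sig
        return None
    if api == "NtSetInformationThread":
        m = re.search(r"class=(0x[0-9a-fA-F]+|\d+)", args)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_from_debugger"
    return None


def detect(lines):
    """Group triggering trace lines by signature name."""
    hits = {}
    for line in lines:
        sig = classify(line)
        if sig:
            hits.setdefault(sig, []).append(line)
    return hits


# Constructed trace: three registry probes, one benign registry read, one
# hide-from-debugger call and one unrelated NtSetInformationThread call.
SAMPLE_TRACE = [
    r"1234 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"1234 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"1234 RegOpenKeyExW HKCU\Software\Wine",
    r"1234 RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "1234 NtSetInformationThread hThread=0xf8 class=0x11",
    "1234 NtSetInformationThread hThread=0xf8 class=0x9",
]

if __name__ == "__main__":
    for sig, evidence in detect(SAMPLE_TRACE).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

Individually each registry read is also made by legitimate software (hardware inventory tools read SystemBiosVersion, for instance), so the useful signal is the combination: several environment probes in one process followed by a ThreadHideFromDebugger call is what earns the "likely anti-VM" and "suspicious use" labels above.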