General
- Target: 5ed0f760e6fc2b7d02f85dc1ac055f46fc43cf0fcefc44a27f2942b3e8fb0c43
- Size: 1.7MB
- Sample: 240523-3v8mssdg8v
- MD5: 3d1f43d1bde15490b0e82ba37445276e
- SHA1: 2882f75016eb37fa9399fb466c8e307068f4aca4
- SHA256: 5ed0f760e6fc2b7d02f85dc1ac055f46fc43cf0fcefc44a27f2942b3e8fb0c43
- SHA512: 31827806e35f867983bab69e1e98c680602e15e3e3e431ceb302dbca2e864896185ee796dfde17bb401bbcf8c4f583ee727afc1a360ecf5e9d020eefbc7b3923
- SSDEEP: 24576:9XHn7i3MWNhePJBqRzdDGk7QUy3CihbBVHoMCPWJkmmfHQleKtTtR5wpfwio5s:RH7i3LN8PzUZDyT5c+mfyNBtR5w17Ws
Behavioral task: behavioral1
- Sample: 5ed0f760e6fc2b7d02f85dc1ac055f46fc43cf0fcefc44a27f2942b3e8fb0c43.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: amadey
- Version: 4.20
- Botnet: 18befc
- C2: http://5.42.96.141
- install_dir: 908f070dff
- install_file: explorku.exe
- strings_key: b25a9385246248a95c600f9a061438e1
- url_paths: /go34ko8/index.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL