General
Target: 7bcb6c91621a4a3484d0d305b5c4791fef8bd5af656da440d2c48671d2dbab60
Size: 1.7MB
Sample: 240523-epm7xadd3y
MD5: 558f79e0fee42f7bbba6041cdca0a879
SHA1: 86a57912e7d62e07e5281c1aeb900d08775c63c1
SHA256: 7bcb6c91621a4a3484d0d305b5c4791fef8bd5af656da440d2c48671d2dbab60
SHA512: 0497bbcb900630713c89236beee0919c080fddeffed3c5a5a5bc14b242a0d0a5b631a8b56b6a96df2d541a6ec4c07d767f970169fed1edc99dee33e6f73793a6
SSDEEP: 49152:5UTNaUJAB9LJVlJSOkrjsfdC59HV9k1DLwNjrFi:5UTEg+zO4CvHV61DL6M
Behavioral task: behavioral1
Sample: 7bcb6c91621a4a3484d0d305b5c4791fef8bd5af656da440d2c48671d2dbab60.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
amadey
4.20
18befc
http://5.42.96.141
install_dir: 908f070dff
install_file: explorku.exe
strings_key: b25a9385246248a95c600f9a061438e1
url_paths: /go34ko8/index.php
Targets
Target: 7bcb6c91621a4a3484d0d305b5c4791fef8bd5af656da440d2c48671d2dbab60
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE