General
- Target: 6fa8d2a8e9da69d547c4d1873b3cb0f1abf1502c0dba33c047e6ced1304d0520
- Size: 1.8MB
- Sample: 240523-jz4pvsac83
- MD5: acf3322bc23c39b03e7af19420741869
- SHA1: 388ca68ea08f6ee697e32c4b5495f270e8550cf8
- SHA256: 6fa8d2a8e9da69d547c4d1873b3cb0f1abf1502c0dba33c047e6ced1304d0520
- SHA512: e8a3d60ce538df9cb436ca888ac02ef8aea146c43b420415bd4b6c9f44e2f45a0be8bae7d47eb3dc1bcfe83f0e46c099d476da8197bd3e1dbf0449e2953e3f20
- SSDEEP: 49152:f5MJYixn8qIz93v4jpATYjx/3e1+hgc4zAhu:2z58xp3dYjJOkgc4zP
Behavioral task: behavioral1
- Sample: 6fa8d2a8e9da69d547c4d1873b3cb0f1abf1502c0dba33c047e6ced1304d0520.exe
- Resource: win10v2004-20240426-en

Malware Config
Extracted
- amadey
- 4.20
- 18befc
- http://5.42.96.141
- install_dir: 908f070dff
- install_file: explorku.exe
- strings_key: b25a9385246248a95c600f9a061438e1
- url_paths: /go34ko8/index.php
Targets
- Target: 6fa8d2a8e9da69d547c4d1873b3cb0f1abf1502c0dba33c047e6ced1304d0520
- Size: 1.8MB
- MD5: acf3322bc23c39b03e7af19420741869
- SHA1: 388ca68ea08f6ee697e32c4b5495f270e8550cf8
- SHA256: 6fa8d2a8e9da69d547c4d1873b3cb0f1abf1502c0dba33c047e6ced1304d0520
- SHA512: e8a3d60ce538df9cb436ca888ac02ef8aea146c43b420415bd4b6c9f44e2f45a0be8bae7d47eb3dc1bcfe83f0e46c099d476da8197bd3e1dbf0449e2953e3f20
- SSDEEP: 49152:f5MJYixn8qIz93v4jpATYjx/3e1+hgc4zAhu:2z58xp3dYjJOkgc4zP

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE