General
-
Target
7d5588166b113d8e9b129decef443f9600a804256a8639bcbbcadcd4389104cd
-
Size
1.7MB
-
Sample
240523-p3tlysbb68
-
MD5
54c0d85df83ba39d7c99454810c5af9d
-
SHA1
e36a0b69ca609d70c190fc782b2739bdfeaf7bef
-
SHA256
7d5588166b113d8e9b129decef443f9600a804256a8639bcbbcadcd4389104cd
-
SHA512
4eb313f1df746ce21b2f6ebe814936729cc4f32af74978be022de810cd17baf136832920122db3b8cb5d94100fa9c94817148d74b40f760ec25a97e42893935d
-
SSDEEP
49152:8YnZb7fbcSFGh7GNqIxrlUn7/OttWfL56X0LIcjc4vwS:8MZb7Ivl6frM7Ott+7csFvwS
Behavioral task
behavioral1
Sample
7d5588166b113d8e9b129decef443f9600a804256a8639bcbbcadcd4389104cd.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
amadey
4.20
18befc
http://5.42.96.141
-
install_dir
908f070dff
-
install_file
explorku.exe
-
strings_key
b25a9385246248a95c600f9a061438e1
-
url_paths
/go34ko8/index.php
Targets
-
-
Target
7d5588166b113d8e9b129decef443f9600a804256a8639bcbbcadcd4389104cd
-
Size
1.7MB
-
MD5
54c0d85df83ba39d7c99454810c5af9d
-
SHA1
e36a0b69ca609d70c190fc782b2739bdfeaf7bef
-
SHA256
7d5588166b113d8e9b129decef443f9600a804256a8639bcbbcadcd4389104cd
-
SHA512
4eb313f1df746ce21b2f6ebe814936729cc4f32af74978be022de810cd17baf136832920122db3b8cb5d94100fa9c94817148d74b40f760ec25a97e42893935d
-
SSDEEP
49152:8YnZb7fbcSFGh7GNqIxrlUn7/OttWfL56X0LIcjc4vwS:8MZb7Ivl6frM7Ott+7csFvwS
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-