General
- Target: 6e17fc9650f6d32cba19fbf8bad2c5899298e3741b47ba26ded3c3f58d253864
- Size: 1.8MB
- Sample: 240524-ad9jjsed44
- MD5: 85180d4f12cdd590a1a0e1c1eebf4d04
- SHA1: a2df0e3662b16f8fd0988665f185bd9cfe3f0705
- SHA256: 6e17fc9650f6d32cba19fbf8bad2c5899298e3741b47ba26ded3c3f58d253864
- SHA512: 0697e68ac7a36b74390cad5dca2e4725673ab7b758f56a3921015bc53ddfa1a34c8d451a4889fb9bf1a7472de4b0b3484c6dead788c7a20b9d9f8894e0a64609
- SSDEEP: 49152:v04lQwJD29bx/PBDlljfd+typmhPy+v/1l8SNGPJ:v9lvF2PHJll2ypCPZlm
Static task: static1
Behavioral task: behavioral1
- Sample: 6e17fc9650f6d32cba19fbf8bad2c5899298e3741b47ba26ded3c3f58d253864.exe
- Resource: win7-20240508-en
Malware Config
Extracted
amadey
4.20
c767c0
http://5.42.96.7
- install_dir: 7af68cdb52
- install_file: axplons.exe
- strings_key: e2ce58e78f631ed97d01fe7b70e85d5e
- url_paths: /zamo7h/index.php
Targets
- Target: 6e17fc9650f6d32cba19fbf8bad2c5899298e3741b47ba26ded3c3f58d253864
- Size: 1.8MB
- MD5: 85180d4f12cdd590a1a0e1c1eebf4d04
- SHA1: a2df0e3662b16f8fd0988665f185bd9cfe3f0705
- SHA256: 6e17fc9650f6d32cba19fbf8bad2c5899298e3741b47ba26ded3c3f58d253864
- SHA512: 0697e68ac7a36b74390cad5dca2e4725673ab7b758f56a3921015bc53ddfa1a34c8d451a4889fb9bf1a7472de4b0b3484c6dead788c7a20b9d9f8894e0a64609
- SSDEEP: 49152:v04lQwJD29bx/PBDlljfd+typmhPy+v/1l8SNGPJ:v9lvF2PHJll2ypCPZlm
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger