General
Target: 1a07405b4a27c36668f7f9d792198e20ca8f891a97ed2e34bd98f13f16a9b0c6
Size: 1.8MB
Sample: 240524-c6ynvsad68
MD5: d0775acf00c3a07db634667a11f33c88
SHA1: e58441ce0b5e8049bdd24d3b66a37311abdc6aae
SHA256: 1a07405b4a27c36668f7f9d792198e20ca8f891a97ed2e34bd98f13f16a9b0c6
SHA512: 2e7dbbb694c7bb1f91171bef3d911375ed051793b61082defcf6a7450abe8e7a2f123668c4f3a8af7321ebb9df78671f574df135ea302b23380c3fde631b287c
SSDEEP: 49152:CjGtM2OEl+jV4TrYrIQDhDxgj7G9MnXNJovrGY:sGC2cIQhxgj7G9Y5Y

Behavioral task
behavioral1
Sample: 1a07405b4a27c36668f7f9d792198e20ca8f891a97ed2e34bd98f13f16a9b0c6.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted
amadey
4.20
18befc
http://5.42.96.141
install_dir: 908f070dff
install_file: explorku.exe
strings_key: b25a9385246248a95c600f9a061438e1
url_paths: /go34ko8/index.php

Targets
Target: 1a07405b4a27c36668f7f9d792198e20ca8f891a97ed2e34bd98f13f16a9b0c6
Size: 1.8MB
MD5: d0775acf00c3a07db634667a11f33c88
SHA1: e58441ce0b5e8049bdd24d3b66a37311abdc6aae
SHA256: 1a07405b4a27c36668f7f9d792198e20ca8f891a97ed2e34bd98f13f16a9b0c6
SHA512: 2e7dbbb694c7bb1f91171bef3d911375ed051793b61082defcf6a7450abe8e7a2f123668c4f3a8af7321ebb9df78671f574df135ea302b23380c3fde631b287c
SSDEEP: 49152:CjGtM2OEl+jV4TrYrIQDhDxgj7G9MnXNJovrGY:sGC2cIQhxgj7G9Y5Y

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE