General
-
Target
d3c56ee4a45dc9e2f325fd7cf1ec8d121a53bcd63a590317bb29a5fbe8af9251
-
Size
1.9MB
-
Sample
240524-whafxaec74
-
MD5
dffb21ecddcbb21a51b72cd7ccaf0bfa
-
SHA1
b70388e7ca53b5dbbf3f65fd6edba5a9311c5e48
-
SHA256
d3c56ee4a45dc9e2f325fd7cf1ec8d121a53bcd63a590317bb29a5fbe8af9251
-
SHA512
087a1d09ca6d11e82f77c41d03e521330cf7e1de38c50a82655381eb193eea066cb917ea88490428edcec773e6e2c039dc792ba1f0ec3da87ce142373ea2e5eb
-
SSDEEP
49152:aryPU5Zf/RTEHLZkNubl1rfDn+OGd9PD3o:aryPiZfp4rZksl1H+Ld9P
Static task
static1
Behavioral task
behavioral1
Sample
d3c56ee4a45dc9e2f325fd7cf1ec8d121a53bcd63a590317bb29a5fbe8af9251.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Targets
-
-
Target
d3c56ee4a45dc9e2f325fd7cf1ec8d121a53bcd63a590317bb29a5fbe8af9251
-
Size
1.9MB
-
MD5
dffb21ecddcbb21a51b72cd7ccaf0bfa
-
SHA1
b70388e7ca53b5dbbf3f65fd6edba5a9311c5e48
-
SHA256
d3c56ee4a45dc9e2f325fd7cf1ec8d121a53bcd63a590317bb29a5fbe8af9251
-
SHA512
087a1d09ca6d11e82f77c41d03e521330cf7e1de38c50a82655381eb193eea066cb917ea88490428edcec773e6e2c039dc792ba1f0ec3da87ce142373ea2e5eb
-
SSDEEP
49152:aryPU5Zf/RTEHLZkNubl1rfDn+OGd9PD3o:aryPiZfp4rZksl1H+Ld9P
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-