General
-
Target
02334e1809e9d1df4b6405caa468dbd8481102f4f538dce69a86e6f14bb16993
-
Size
1.9MB
-
Sample
240524-xwhvwafh4y
-
MD5
6efe1a09a8b922e729fb7dd7e7745ade
-
SHA1
5dd0430b302b374588c4fc984e9314c76565cb70
-
SHA256
02334e1809e9d1df4b6405caa468dbd8481102f4f538dce69a86e6f14bb16993
-
SHA512
dc76dcadb06d8c608b686b7aecb2e730e2dde8646db114075c74f214532be5dcd25d073c42312a3b378a850772ba232abd358da98ec56bb3fbe49559d132b901
-
SSDEEP
49152:6PWHSxn9MIlyZo6Fps23DoBFU4984B8jsCzQ35pjHUpt:6PWUs9B8BFz8jUjHUT
Static task
static1
Behavioral task
behavioral1
Sample
02334e1809e9d1df4b6405caa468dbd8481102f4f538dce69a86e6f14bb16993.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Targets
-
-
Target
02334e1809e9d1df4b6405caa468dbd8481102f4f538dce69a86e6f14bb16993
-
Size
1.9MB
-
MD5
6efe1a09a8b922e729fb7dd7e7745ade
-
SHA1
5dd0430b302b374588c4fc984e9314c76565cb70
-
SHA256
02334e1809e9d1df4b6405caa468dbd8481102f4f538dce69a86e6f14bb16993
-
SHA512
dc76dcadb06d8c608b686b7aecb2e730e2dde8646db114075c74f214532be5dcd25d073c42312a3b378a850772ba232abd358da98ec56bb3fbe49559d132b901
-
SSDEEP
49152:6PWHSxn9MIlyZo6Fps23DoBFU4984B8jsCzQ35pjHUpt:6PWUs9B8BFz8jUjHUT
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-