General
-
Target
5ba259a95268804d2ec9d7b2f9bf772b8d7370d479643b90c695399fb470157c
-
Size
1.8MB
-
Sample
240524-y7at3shh6s
-
MD5
b41891c3946233ce7f636682a92ff84e
-
SHA1
153db26bba483248126244c30e0caad025383940
-
SHA256
5ba259a95268804d2ec9d7b2f9bf772b8d7370d479643b90c695399fb470157c
-
SHA512
eed4bb1b97c516c62fd3762da85da6b5496fcb1c9a215545b434fa05075514bfc01c6e59a1550907ff3e123e64a6ceb5582e9eb08a83f9f19d37366f26b7282a
-
SSDEEP
49152:n58YES69Ag2Yw7GznSrWFgnjq1I7uGRhAx8U:Cf9AdWWnOk2W
Static task
static1
Behavioral task
behavioral1
Sample
5ba259a95268804d2ec9d7b2f9bf772b8d7370d479643b90c695399fb470157c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
amadey
4.21
49e482
http://147.45.47.70
-
install_dir
1b29d73536
-
install_file
axplont.exe
-
strings_key
4d31dd1a190d9879c21fac6d87dc0043
-
url_paths
/tr8nomy/index.php
Targets
-
-
Target
5ba259a95268804d2ec9d7b2f9bf772b8d7370d479643b90c695399fb470157c
-
Size
1.8MB
-
MD5
b41891c3946233ce7f636682a92ff84e
-
SHA1
153db26bba483248126244c30e0caad025383940
-
SHA256
5ba259a95268804d2ec9d7b2f9bf772b8d7370d479643b90c695399fb470157c
-
SHA512
eed4bb1b97c516c62fd3762da85da6b5496fcb1c9a215545b434fa05075514bfc01c6e59a1550907ff3e123e64a6ceb5582e9eb08a83f9f19d37366f26b7282a
-
SSDEEP
49152:n58YES69Ag2Yw7GznSrWFgnjq1I7uGRhAx8U:Cf9AdWWnOk2W
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-