General
Target: 35cadd2f3c589e6bc0dd06b1bb5ae9d62fa5d108142aa81006dae50b7945e25f
Size: 1.8MB
Sample: 240525-hl4x2ahg7y
MD5: fe4e61e13c0b9d8f179b18608530cc21
SHA1: fae41b564cca41ad4140584622fe23627944c24d
SHA256: 35cadd2f3c589e6bc0dd06b1bb5ae9d62fa5d108142aa81006dae50b7945e25f
SHA512: 68f8ba9f8e627099e6c2b4fbe0ba3edee11a240a5c999cb7f17431354ade072dc32e9581c65d56a33f44fd790e5336d70107e42fc284d7f51315cad71f2b01ff
SSDEEP: 49152:U0UJZVs4VuuQYwE+tg0hKgkQ2QNqls0+ZxsrJVKVFZk:PUNs4VhQioXrYWGB+zsVVKfZ
Static task: static1
Behavioral task: behavioral1
Sample: 35cadd2f3c589e6bc0dd06b1bb5ae9d62fa5d108142aa81006dae50b7945e25f.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
amadey
4.21
49e482
http://147.45.47.70
install_dir: 1b29d73536
install_file: axplont.exe
strings_key: 4d31dd1a190d9879c21fac6d87dc0043
url_paths: /tr8nomy/index.php
Targets
Target: 35cadd2f3c589e6bc0dd06b1bb5ae9d62fa5d108142aa81006dae50b7945e25f
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger