General
Target: 72514680e699cc4abc8749e4f598812d7657d2d97afc79acbb232a105bd798ad
Size: 1.9MB
Sample: 240526-3eed1sgh39
MD5: 287c2ee332935fb45136dda837ef8a90
SHA1: f711ac5be6ac6756ff5e3c15e259a26a9e2b8062
SHA256: 72514680e699cc4abc8749e4f598812d7657d2d97afc79acbb232a105bd798ad
SHA512: 2298c2e237eb838ac768b65ca6191463aff7456e300739cf31b5058f9ffb3f8279f3e65b14fdec236a43d1c2423df27a9b8396ad34ca3b048d491623af75394f
SSDEEP: 49152:MkT6IdqacUNCdg1TiABgwbsYd+nOAQIEZu:MkPz4gDndjV
Static task: static1
Behavioral task: behavioral1
Sample: 72514680e699cc4abc8749e4f598812d7657d2d97afc79acbb232a105bd798ad.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
amadey
4.21
49e482
http://147.45.47.70
install_dir: 1b29d73536
install_file: axplont.exe
strings_key: 4d31dd1a190d9879c21fac6d87dc0043
url_paths: /tr8nomy/index.php
Targets
Target: 72514680e699cc4abc8749e4f598812d7657d2d97afc79acbb232a105bd798ad
Size: 1.9MB
MD5: 287c2ee332935fb45136dda837ef8a90
SHA1: f711ac5be6ac6756ff5e3c15e259a26a9e2b8062
SHA256: 72514680e699cc4abc8749e4f598812d7657d2d97afc79acbb232a105bd798ad
SHA512: 2298c2e237eb838ac768b65ca6191463aff7456e300739cf31b5058f9ffb3f8279f3e65b14fdec236a43d1c2423df27a9b8396ad34ca3b048d491623af75394f
SSDEEP: 49152:MkT6IdqacUNCdg1TiABgwbsYd+nOAQIEZu:MkPz4gDndjV
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger