General
-
Target
7500daf59c798244b0b900e616ae9919b1315632e14bd786bcd249d385faa537
-
Size
1.8MB
-
Sample
240526-mxf3kagd52
-
MD5
ea48732dea117013b17330b535a4ab40
-
SHA1
652775dcd782f67834237c3545aa50ef3ab62cdf
-
SHA256
7500daf59c798244b0b900e616ae9919b1315632e14bd786bcd249d385faa537
-
SHA512
a3386330e63001adb4cc42660ce4811da92d76f5fb82b776eedba1ed029af84582a45465cc60da2e1a4d8b11caf169bd7d3c39ee6b5b3b6c7b99c92c729efc31
-
SSDEEP
49152:OalA9AapaaTzCjRopnDby1qNsOZtFCB/wh:OaMtTuwWqNsItEB/
Static task
static1
Behavioral task
behavioral1
Sample
7500daf59c798244b0b900e616ae9919b1315632e14bd786bcd249d385faa537.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
amadey
4.21
49e482
http://147.45.47.70
-
install_dir
1b29d73536
-
install_file
axplont.exe
-
strings_key
4d31dd1a190d9879c21fac6d87dc0043
-
url_paths
/tr8nomy/index.php
Targets
-
-
Target
7500daf59c798244b0b900e616ae9919b1315632e14bd786bcd249d385faa537
-
Size
1.8MB
-
MD5
ea48732dea117013b17330b535a4ab40
-
SHA1
652775dcd782f67834237c3545aa50ef3ab62cdf
-
SHA256
7500daf59c798244b0b900e616ae9919b1315632e14bd786bcd249d385faa537
-
SHA512
a3386330e63001adb4cc42660ce4811da92d76f5fb82b776eedba1ed029af84582a45465cc60da2e1a4d8b11caf169bd7d3c39ee6b5b3b6c7b99c92c729efc31
-
SSDEEP
49152:OalA9AapaaTzCjRopnDby1qNsOZtFCB/wh:OaMtTuwWqNsItEB/
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-