General
-
Target
b4ef618422c5c4f681a9bc1852cb04f03247bf9f86f1c6095f8485fdffde3390
-
Size
1.8MB
-
Sample
240626-lv61jayfkh
-
MD5
f2aef3b38d91c72afb681c5eded18a85
-
SHA1
71a95ce0e1444c932aa36ddabfbe97e7acac439b
-
SHA256
b4ef618422c5c4f681a9bc1852cb04f03247bf9f86f1c6095f8485fdffde3390
-
SHA512
39ef4596b7b56a3109f0194d35357c47a120a1a9710233b7b88424ffffb139ac9c5f9926c2f8efa1055ddb49af0bc9d52ca931f68c0209c3295d0c90899155d3
-
SSDEEP
49152:Uj+xjXrmwxbqEFw8cOYMipy9A/EGvvXSqsB9kUAqLLK:Uj+xfmyHbdik943iqsXAyK
Static task
static1
Behavioral task
behavioral1
Sample
b4ef618422c5c4f681a9bc1852cb04f03247bf9f86f1c6095f8485fdffde3390.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Targets
-
-
Target
b4ef618422c5c4f681a9bc1852cb04f03247bf9f86f1c6095f8485fdffde3390
-
Size
1.8MB
-
MD5
f2aef3b38d91c72afb681c5eded18a85
-
SHA1
71a95ce0e1444c932aa36ddabfbe97e7acac439b
-
SHA256
b4ef618422c5c4f681a9bc1852cb04f03247bf9f86f1c6095f8485fdffde3390
-
SHA512
39ef4596b7b56a3109f0194d35357c47a120a1a9710233b7b88424ffffb139ac9c5f9926c2f8efa1055ddb49af0bc9d52ca931f68c0209c3295d0c90899155d3
-
SSDEEP
49152:Uj+xjXrmwxbqEFw8cOYMipy9A/EGvvXSqsB9kUAqLLK:Uj+xfmyHbdik943iqsXAyK
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-