General
Target: 6b09ea84b2b82f09738c20291c006dd6b2e0ea18fd1419d683fd4cbc96b908e3
Size: 2.3MB
Sample: 240704-2kgkwsvhpd
MD5: a172a633883700f3cbf25ed1ae260a2f
SHA1: 7cbd7a29423eb3f2cd3a7560eff0d83fd6567539
SHA256: 6b09ea84b2b82f09738c20291c006dd6b2e0ea18fd1419d683fd4cbc96b908e3
SHA512: 60b52f4ed479534c1a072572ebceffb9b37ccf48099aeab083e34291ec2c8fd1cd7359c8287a9ef93facaf4bd74f97ddbab90e7dfe6473f0a98fa9e1b215dc39
SSDEEP: 49152:klrnW6E1DoLNTZMrKbvTgs7WIKM7rpgkFojRe9avSfl504YeLg:kJWFo5TSrK3/7WIdGGwOTA5eLg
Static task: static1
Behavioral task: behavioral1
Sample: 6b09ea84b2b82f09738c20291c006dd6b2e0ea18fd1419d683fd4cbc96b908e3.exe
Resource: win7-20240704-en
Malware Config
Extracted
stealc
Nice
http://85.28.47.30
url_path: /920475a59bac849d.php
Extracted
amadey
4.30
4dd39d
http://77.91.77.82
install_dir: ad40971b6b
install_file: explorti.exe
strings_key: a434973ad22def7137dbb5e059b7081e
url_paths: /Hun4Ko/index.php
Targets
Target: 6b09ea84b2b82f09738c20291c006dd6b2e0ea18fd1419d683fd4cbc96b908e3
Size: 2.3MB
MD5: a172a633883700f3cbf25ed1ae260a2f
SHA1: 7cbd7a29423eb3f2cd3a7560eff0d83fd6567539
SHA256: 6b09ea84b2b82f09738c20291c006dd6b2e0ea18fd1419d683fd4cbc96b908e3
SHA512: 60b52f4ed479534c1a072572ebceffb9b37ccf48099aeab083e34291ec2c8fd1cd7359c8287a9ef93facaf4bd74f97ddbab90e7dfe6473f0a98fa9e1b215dc39
SSDEEP: 49152:klrnW6E1DoLNTZMrKbvTgs7WIKM7rpgkFojRe9avSfl504YeLg:kJWFo5TSrK3/7WIdGGwOTA5eLg
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger