General
-
Target
7e88a7c92acd7c028befff6e42c7a631fa369f2f436322241e682771cbc26f5d
-
Size
1.8MB
-
Sample
240704-st2gzsycpj
-
MD5
e566d019241addf080ea9dfea9606e31
-
SHA1
ff4356991bbb88b4ddfc94d733002fb630ff92c2
-
SHA256
7e88a7c92acd7c028befff6e42c7a631fa369f2f436322241e682771cbc26f5d
-
SHA512
38c300b145d0e716ccd429c6154f88b2d9e326e35ebbcc60f3f40ffc4d2c9b03e358c177dc52ffa11dc12dc93b3ebd3f64889af33b153e9e0b5072f9da72158d
-
SSDEEP
49152:ZPeOIAakCLDT4XA11+nebMv0l9AVxOlYi:Z2O03T4XAb+ebqVxMH
Static task
static1
Behavioral task
behavioral1
Sample
7e88a7c92acd7c028befff6e42c7a631fa369f2f436322241e682771cbc26f5d.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
amadey
4.30
4dd39d
http://77.91.77.82
-
install_dir
ad40971b6b
-
install_file
explorti.exe
-
strings_key
a434973ad22def7137dbb5e059b7081e
-
url_paths
/Hun4Ko/index.php
Targets
-
-
Target
7e88a7c92acd7c028befff6e42c7a631fa369f2f436322241e682771cbc26f5d
-
Size
1.8MB
-
MD5
e566d019241addf080ea9dfea9606e31
-
SHA1
ff4356991bbb88b4ddfc94d733002fb630ff92c2
-
SHA256
7e88a7c92acd7c028befff6e42c7a631fa369f2f436322241e682771cbc26f5d
-
SHA512
38c300b145d0e716ccd429c6154f88b2d9e326e35ebbcc60f3f40ffc4d2c9b03e358c177dc52ffa11dc12dc93b3ebd3f64889af33b153e9e0b5072f9da72158d
-
SSDEEP
49152:ZPeOIAakCLDT4XA11+nebMv0l9AVxOlYi:Z2O03T4XAb+ebqVxMH
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-