General

Target: 413b036946af75dba74c98d52cf2a8ac969b6fded5da8a754c56776d5edc0553
Size: 1.9MB
Sample: 240710-j35fkaydmd
MD5: 2624875da55238f620fa50a01d4bce57
SHA1: f955733b1feeb7d7b1a7eefe414c2e33c242df1c
SHA256: 413b036946af75dba74c98d52cf2a8ac969b6fded5da8a754c56776d5edc0553
SHA512: 0ebee57fc926ed57309b2aa8eae951ca44e71992999086e92a3b58a7448e2d610f57364b2fdbc5fefe76eb8ea557966be34b072e0f545b6514992008f6cc9159
SSDEEP: 49152:uIbM0yp5IuJOqo6IS54+2JzQA2muJ2gB8LUWzxSB0:uI1XS5IaJ21zxSB0
Static task: static1
Behavioral task: behavioral1
Sample: 413b036946af75dba74c98d52cf2a8ac969b6fded5da8a754c56776d5edc0553.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted
Family: amadey
Version: 4.30
Botnet: 4dd39d
C2: http://77.91.77.82
install_dir: ad40971b6b
install_file: explorti.exe
strings_key: a434973ad22def7137dbb5e059b7081e
url_paths: /Hun4Ko/index.php

Extracted
Family: stealc
Botnet: hate
C2: http://85.28.47.30
url_path: /920475a59bac849d.php
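The extracted C2 hosts and URL paths are the most directly usable output of this report. The following is an added example (not part of the report and not code from Amadey or Stealc) that turns them into network indicators and runs them over proxy-log lines. The hosts and paths are the values extracted above; the log-line format, the log lines and the client addresses are constructed for the example and were not observed in the sandbox run. Full host-plus-path matches are reported at high confidence; any other request to one of the two C2 hosts is reported at medium confidence, which is how follow-on traffic such as the PE download noted in the signatures below would surface when its path is not in the extracted config.

```python
"""Turn the extracted Amadey and Stealc C2 values into network indicators and
run them over proxy-log lines.

Added example: not part of the sandbox report and not code from either malware
family. C2 hosts and paths are the values extracted in the report; the log
format, log lines and client IPs are constructed for this example.
"""
from urllib.parse import urlsplit

# Hosts and paths exactly as extracted in the report above.
EXTRACTED_CONFIGS = [
    {"family": "amadey", "c2": "http://77.91.77.82", "paths": ["/Hun4Ko/index.php"]},
    {"family": "stealc", "c2": "http://85.28.47.30", "paths": ["/920475a59bac849d.php"]},
]


def build_indicators(configs):
    """Return ({(host, path): family}, {host: family}) with hosts lowercased.

    host+path is the high-confidence indicator; the host-only table catches
    follow-on traffic to the same C2 whose path is not in the extracted config.
    """
    by_url, by_host = {}, {}
    for cfg in configs:
        host = urlsplit(cfg["c2"]).hostname.lower()
        by_host[host] = cfg["family"]
        for path in cfg["paths"]:
            by_url[(host, path)] = cfg["family"]
    return by_url, by_host


def match_log_line(line, by_url, by_host):
    """Parse one constructed line '<ts> <client_ip> <method> <url> <status>'.

    Returns a dict describing the hit, or None. Port and query string are
    ignored, so http://77.91.77.82:80/Hun4Ko/index.php?x=1 still matches.
    """
    parts = line.split()
    if len(parts) < 5:
        return None  # malformed line: skip it rather than abort the scan
    ts, client, method, url = parts[:4]
    u = urlsplit(url)
    if not u.hostname:
        return None
    host, path = u.hostname.lower(), (u.path or "/")
    if (host, path) in by_url:
        family, confidence = by_url[(host, path)], "high"
    elif host in by_host:
        family, confidence = by_host[host], "medium"
    else:
        return None
    return {"ts": ts, "client": client, "method": method, "family": family,
            "host": host, "path": path, "confidence": confidence}


def scan(lines, configs=EXTRACTED_CONFIGS):
    """Scan an iterable of log lines; return the hits in log order."""
    by_url, by_host = build_indicators(configs)
    hits = []
    for line in lines:
        hit = match_log_line(line, by_url, by_host)
        if hit:
            hits.append(hit)
    return hits


# Constructed proxy log; none of these lines come from the sandbox run.
SAMPLE_LOG = [
    "2024-07-10T10:01:02Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-07-10T10:01:05Z 10.0.0.5 POST http://77.91.77.82/Hun4Ko/index.php 200",
    "2024-07-10T10:01:09Z 10.0.0.5 POST http://85.28.47.30/920475a59bac849d.php 200",
    "2024-07-10T10:02:11Z 10.0.0.7 GET http://77.91.77.82:80/some/other/file.bin 200",
    "this line is malformed",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["client"]} -> {hit["family"]} '
              f'({hit["confidence"]}) {hit["host"]}{hit["path"]}')
```

Matching on the bare IP rather than on a hostname is deliberate: both C2s in this config are raw addresses, so DNS-based blocking or passive-DNS hunting would miss them and the proxy or flow log is the right data source.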
Targets

Target: 413b036946af75dba74c98d52cf2a8ac969b6fded5da8a754c56776d5edc0553
Size: 1.9MB
MD5: 2624875da55238f620fa50a01d4bce57
SHA1: f955733b1feeb7d7b1a7eefe414c2e33c242df1c
SHA256: 413b036946af75dba74c98d52cf2a8ac969b6fded5da8a754c56776d5edc0553
SHA512: 0ebee57fc926ed57309b2aa8eae951ca44e71992999086e92a3b58a7448e2d610f57364b2fdbc5fefe76eb8ea557966be34b072e0f545b6514992008f6cc9159
SSDEEP: 49152:uIbM0yp5IuJOqo6IS54+2JzQA2muJ2gB8LUWzxSB0:uI1XS5IaJ21zxSB0
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
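Five of the signatures above (VirtualBox ACPI values, BIOS information, Wine keys, the configured country code, and Uninstall-key enumeration) are registry reads, and the same reads are what a hunt on the endpoint side would key on. The following is an added example, not part of the report and not taken from the sample, that classifies registry-read trace lines into those behaviours and flags a process that performs several distinct sandbox checks. The report names the behaviours but not the exact keys this sample read, so the paths in the rules are the well-known locations these checks usually query and are an assumption; the trace-line format and the trace lines are constructed. A caveat on the data source: a read trace like this has to come from an ETW registry provider or an EDR, because Sysmon's registry events cover key creation, value writes and renames, not reads.

```python
"""Classify registry reads into the anti-analysis and discovery behaviours the
report lists, and flag processes that perform several distinct sandbox checks.

Added example: not part of the sandbox report and not taken from the sample.
The registry paths below are the well-known locations these checks usually
query (assumption; the report does not show the keys this sample read). The
trace format and the trace lines are constructed for this example.
"""
import re

HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
                "hkey_users": "hku", "hkey_classes_root": "hkcr"}

# (regex over the normalized path, behaviour tag, ATT&CK technique id)
RULES = [
    (r"hklm\\hardware\\acpi\\(dsdt|fadt|rsdt)\\vbox__",
     "virtualbox_acpi_table", "T1497.001"),
    (r"hklm\\hardware\\description\\system\\(systembiosversion|systembiosdate|videobiosversion|bios\b)",
     "bios_information", "T1497.001"),
    (r"hk(cu|lm)\\software\\wine(\\|$)", "wine_compat_layer", "T1497.001"),
    (r"hkcu\\control panel\\international\\geo(\\|$)", "country_code_geofence", "T1614"),
    (r"hklm\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)",
     "installed_software_enum", "T1518"),
]
COMPILED = [(re.compile(rx), tag, tid) for rx, tag, tid in RULES]
SANDBOX_CHECK = "T1497.001"  # the three signatures the report calls anti-VM/sandbox


def normalize(path):
    """Lowercase, shorten long hive names, and fold HKU\\<SID>\\ onto HKCU\\."""
    p = path.strip().lower()
    hive, sep, rest = p.partition("\\")
    p = HIVE_ALIASES.get(hive, hive) + sep + rest
    return re.sub(r"^hku\\s-1-5-21(?:-\d+)+\\", r"hkcu\\", p)


def classify(path):
    """Return (tag, technique_id) for a registry path, or None if uninteresting."""
    p = normalize(path)
    for rx, tag, tid in COMPILED:
        if rx.match(p):
            return tag, tid
    return None


def parse_trace_line(line):
    """Constructed format: '<time> pid=<n> <RegOp> <path>' (path may contain spaces)."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4 or not parts[1].startswith("pid="):
        return None
    return {"time": parts[0], "pid": int(parts[1][4:]), "op": parts[2], "path": parts[3]}


def scan_trace(lines):
    """Return one hit dict per classified read, in trace order."""
    hits = []
    for line in lines:
        ev = parse_trace_line(line)
        if ev is None:
            continue
        cls = classify(ev["path"])
        if cls:
            ev["tag"], ev["technique"] = cls
            hits.append(ev)
    return hits


def verdict(hits, min_distinct_checks=2):
    """One BIOS read is common in benign software; several distinct sandbox
    checks from the same process are not. Returns {pid: bool} for every pid
    that performed at least one T1497.001 read."""
    per_pid = {}
    for h in hits:
        if h["technique"] == SANDBOX_CHECK:
            per_pid.setdefault(h["pid"], set()).add(h["tag"])
    return {pid: len(tags) >= min_distinct_checks for pid, tags in per_pid.items()}


# Constructed registry-read trace; the SID and pid are made up.
SAMPLE_TRACE = [
    r"10:01:02.101 pid=4412 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"10:01:02.115 pid=4412 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"10:01:02.120 pid=4412 RegOpenKey HKEY_USERS\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Wine",
    r"10:01:02.130 pid=4412 RegQueryValue HKCU\Control Panel\International\Geo\Nation",
    r"10:01:02.140 pid=4412 RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"10:01:02.150 pid=4412 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"10:01:02.160 pid=4412 RegOpenKey HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]

if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for h in found:
        print(f'{h["time"]} pid={h["pid"]} {h["tag"]} ({h["technique"]}) {h["path"]}')
    print("anti-analysis verdict per pid:", verdict(found))
```

The Uninstall and Geo reads are classified as discovery rather than sandbox evasion and do not count toward the verdict: on their own they are routine (installers and locale-aware software read both), and the geofence is only suspicious in combination with the other checks.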