General
-
Target
aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad
-
Size
1.8MB
-
Sample
240712-fnckfssaqf
-
MD5
b216ac082608e4fd08c4dfb765dd61c9
-
SHA1
9f9eeb5f1d152e1d0d24dc51e910f772f0acacec
-
SHA256
aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad
-
SHA512
51accd2042eaf9459c5b60bf79c0f786f33058be3ccf853fc6e8a1bec3d4aa992d17481a91e9f9370bd836fb9eea67155368c34f01f9b940d39d1f141b25a495
-
SSDEEP
49152:j7h5kRwehJbhar3b8uROfHyqX6Qz84ova3V1S:j7D8wMJbWRIjqwBoT
Static task
static1
Behavioral task
behavioral1
Sample
aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
amadey
4.30
4dd39d
http://77.91.77.82
-
install_dir
ad40971b6b
-
install_file
explorti.exe
-
strings_key
a434973ad22def7137dbb5e059b7081e
-
url_paths
/Hun4Ko/index.php
Extracted
stealc
hate
http://85.28.47.30
-
url_path
/920475a59bac849d.php
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger