General
-
Target
094abd04a4a443a8ba8ad028cd1891aa62c1bb509afef99e5914286a246ebaa7
-
Size
1.8MB
-
Sample
240801-ajfteswbqd
-
MD5
204b820ac458bb5929040fcfdf6840c3
-
SHA1
00f16b786040abb7f04eb6b6bcaee9efa52dc5f1
-
SHA256
094abd04a4a443a8ba8ad028cd1891aa62c1bb509afef99e5914286a246ebaa7
-
SHA512
466138efc927c60d2cf0495d40a6be24c17f08867d75fa38f46568d0e11604db7865fb51274bc615ed67b03d056fd5ab323a0a29bef947ccc2edd9da12df3ca9
-
SSDEEP
49152:jlWjcCb3NgplmMn73GquxXK3wP4Ii5UNdKv5E2f:jlWoCbEAMnKtx6UVgW
Static task
static1
Behavioral task
behavioral1
Sample
094abd04a4a443a8ba8ad028cd1891aa62c1bb509afef99e5914286a246ebaa7.exe
Resource
win7-20240705-en
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Targets
-
-
Target
094abd04a4a443a8ba8ad028cd1891aa62c1bb509afef99e5914286a246ebaa7
-
Size
1.8MB
-
MD5
204b820ac458bb5929040fcfdf6840c3
-
SHA1
00f16b786040abb7f04eb6b6bcaee9efa52dc5f1
-
SHA256
094abd04a4a443a8ba8ad028cd1891aa62c1bb509afef99e5914286a246ebaa7
-
SHA512
466138efc927c60d2cf0495d40a6be24c17f08867d75fa38f46568d0e11604db7865fb51274bc615ed67b03d056fd5ab323a0a29bef947ccc2edd9da12df3ca9
-
SSDEEP
49152:jlWjcCb3NgplmMn73GquxXK3wP4Ii5UNdKv5E2f:jlWoCbEAMnKtx6UVgW
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-