General
-
Target
4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1
-
Size
1.8MB
-
Sample
240811-ybhj2svajn
-
MD5
42dcc541d73a751e3b18aa806fd47c45
-
SHA1
b5294d58c4187097f1f2ad4ca965920c0aa3edbb
-
SHA256
4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1
-
SHA512
b3169a2b0759a4bf66d9169dcb883d6d53702b22077a78798976a97bbe0e07155e8ab88fc1b0f3879e49751b6b4ad8ce3f469f351d929877e831d0fb1cce0c94
-
SSDEEP
49152:wTx6Lfgi1DP1tfOrbnyPb4B1JIkNoFG7t5PxOqW:KULf7lGKsBcSou5Pkq
Static task
static1
Behavioral task
behavioral1
Sample
4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
amadey
4.41
0657d1
http://185.215.113.19
-
install_dir
0d8f5eb8a7
-
install_file
explorti.exe
-
strings_key
6c55a5f34bb433fbd933a168577b1838
-
url_paths
/Vi9leo/index.php
Targets
-
-
Target
4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1
-
Size
1.8MB
-
MD5
42dcc541d73a751e3b18aa806fd47c45
-
SHA1
b5294d58c4187097f1f2ad4ca965920c0aa3edbb
-
SHA256
4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1
-
SHA512
b3169a2b0759a4bf66d9169dcb883d6d53702b22077a78798976a97bbe0e07155e8ab88fc1b0f3879e49751b6b4ad8ce3f469f351d929877e831d0fb1cce0c94
-
SSDEEP
49152:wTx6Lfgi1DP1tfOrbnyPb4B1JIkNoFG7t5PxOqW:KULf7lGKsBcSou5Pkq
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-