General
- Target: 7e5fbac8a474b8082983455af8102f63b20606b6c85287c4fd5766c9cb673b45
- Size: 1.8MB
- Sample: 240908-qeenkaxflr
- MD5: 2823c875bca3fe7550bfe5ca70b94ef1
- SHA1: ccf3255d4fbde389c7de5a1acbf782257f354cba
- SHA256: 7e5fbac8a474b8082983455af8102f63b20606b6c85287c4fd5766c9cb673b45
- SHA512: 04f4e84b03d37b9d0710378848e340819fbb570922bbe3f61a0c677d260b4c2e49bb13491b3703457ffcdcd95b3611118d3f4ff1e57b9eb4dc985f77c0d3b2fb
- SSDEEP: 49152:NJHBRgsV055BgRlTYzeZMtEevhXX3qjir0yt:NJh+scSRlUzey+evhXnqB
Static task: static1
Behavioral task: behavioral1
Sample: 7e5fbac8a474b8082983455af8102f63b20606b6c85287c4fd5766c9cb673b45.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: amadey
4.41
c7817d
http://31.41.244.10
- install_dir: 0e8d0864aa
- install_file: svoutse.exe
- strings_key: 5481b88a6ef75bcf21333988a4e47048
- url_paths: /Dem7kTu/index.php
Extracted: stealc
rave
http://185.215.113.103
- url_path: /e2b1563c6670f193.php
Targets
- Target: 7e5fbac8a474b8082983455af8102f63b20606b6c85287c4fd5766c9cb673b45
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger