General

Target: b6eadd7d0488dbb96b50936d00626ba0bc63e6848f58573f79d718b8e85e6bd6
Size: 1.9MB
Sample: 240908-qy9m2s1eqg
MD5: 7d60aaa2c10ad27f18b9563a1927f0f9
SHA1: 88349ef4b7917853f1a1ed91eee3ef1997f61f00
SHA256: b6eadd7d0488dbb96b50936d00626ba0bc63e6848f58573f79d718b8e85e6bd6
SHA512: c03faa4aa8b67577a30a2e3d12232d6b3bc35a1fde2bcb13330081ae016d638b1d4fcb39f359ea95158c9b0029ec1017dde9f4a7b7a5b12f79f6bb8cfe73fbec
SSDEEP: 49152:RSg9mkGMt/Mn3VjpNoVtUxoz5oKUSbv64ZWB:Rlk+MFr7xwdbPq
Static task: static1
Behavioral task: behavioral1
Sample: b6eadd7d0488dbb96b50936d00626ba0bc63e6848f58573f79d718b8e85e6bd6.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted family: amadey
Version: 4.41
Botnet: c7817d
C2: http://31.41.244.10
install_dir: 0e8d0864aa
install_file: svoutse.exe
strings_key: 5481b88a6ef75bcf21333988a4e47048
url_paths: /Dem7kTu/index.php

Extracted family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets

Target: b6eadd7d0488dbb96b50936d00626ba0bc63e6848f58573f79d718b8e85e6bd6 (same file as under General above; size and hashes are listed there)
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger