General
Target: 8d43b272106ab06884f589032061b8cba2ec45a1ed626d8bdbe0a62ee2b49b68
Size: 1.8MB
Sample: 240909-beamaatgpj
MD5: 997f7d75e029c3d5d9a71c25711fd48b
SHA1: 156203ee5517be48391fb5ed785f13750c895f99
SHA256: 8d43b272106ab06884f589032061b8cba2ec45a1ed626d8bdbe0a62ee2b49b68
SHA512: 49a8db7287819aba53e3896a182f82f36c3fe1fac768a20b1c82a935efd3a9963860a63da568ffd48615e24db1f66b42d5c9037b7da82ab0479cb7ac139293e0
SSDEEP: 49152:jVsGBEr0uVdRjNsKbQblYHL8eazKn3ip0m:jSfdRxs792yp
Static task: static1
Behavioral task: behavioral1
Sample: 8d43b272106ab06884f589032061b8cba2ec45a1ed626d8bdbe0a62ee2b49b68.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: amadey
Version: 4.41
Botnet: c7817d
C2: http://31.41.244.10
install_dir: 0e8d0864aa
install_file: svoutse.exe
strings_key: 5481b88a6ef75bcf21333988a4e47048
url_paths: /Dem7kTu/index.php
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
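The two extracted configs give everything needed to pivot from this sample to network and host telemetry. What follows is an added example, not part of the sandbox report and not code from either malware family: it builds the full C2 endpoint URLs from each config's C2 and URL path, sweeps proxy-log lines for them (flagging an exact endpoint hit separately from any other request to the C2 host), and matches process image paths against the install_dir\install_file pair. The log lines, the client IPs and the AppData\Local\Temp drop directory used in the usage call are constructed for the demo; the page itself does not state the parent directory, so the path matcher deliberately keys only on the two config values.

```python
"""Turn the Amadey and Stealc configs extracted above into matchable IOCs and
run them over proxy-log lines.  Added example, not part of the sandbox report;
the log lines and the process paths below are constructed for illustration."""
from urllib.parse import urlsplit

# Values copied from the extracted configs on this page.
AMADEY_CONFIG = {
    "family": "amadey",
    "c2": "http://31.41.244.10",
    "url_paths": ["/Dem7kTu/index.php"],
    "install_dir": "0e8d0864aa",
    "install_file": "svoutse.exe",
}
STEALC_CONFIG = {
    "family": "stealc",
    "c2": "http://185.215.113.103",
    "url_paths": ["/e2b1563c6670f193.php"],
}

# Constructed proxy log in "timestamp client method url status" form.
PROXY_LOG = [
    "2024-09-09T13:40:01Z 10.0.0.21 POST http://31.41.244.10/Dem7kTu/index.php 200",
    "2024-09-09T13:40:02Z 10.0.0.21 GET http://31.41.244.10/Dem7kTu/other.bin 200",
    "2024-09-09T13:40:05Z 10.0.0.21 POST http://185.215.113.103/e2b1563c6670f193.php 200",
    "2024-09-09T13:40:07Z 10.0.0.22 GET http://example.com/index.php 200",
]


def build_iocs(configs):
    """Map family -> {'hosts': set, 'urls': set} from each config's c2 + url_paths."""
    iocs = {}
    for cfg in configs:
        base = cfg["c2"].rstrip("/")
        iocs[cfg["family"]] = {
            "hosts": {urlsplit(base).hostname},
            "urls": {base + "/" + p.lstrip("/") for p in cfg["url_paths"]},
        }
    return iocs


def scan_proxy_log(lines, iocs):
    """Return [(line_no, family, kind)] for lines whose URL hits an IOC.

    kind is 'url' for the exact C2 endpoint from the config and 'host' for any
    other request to the C2 host; the latter is weaker but still worth triage,
    because the same panel host often serves payloads on other paths."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        url = parts[3]
        host = urlsplit(url).hostname
        for family, ioc in iocs.items():
            if url in ioc["urls"]:
                hits.append((n, family, "url"))
            elif host in ioc["hosts"]:
                hits.append((n, family, "host"))
    return hits


def match_install_path(image_path, cfg=AMADEY_CONFIG):
    """True if a process image path ends in <install_dir>\\<install_file>.

    Only the two config values are matched; the parent directory the dropper
    uses is not given on this page, so it is deliberately not assumed here."""
    tail = "\\" + cfg["install_dir"].lower() + "\\" + cfg["install_file"].lower()
    return image_path.lower().replace("/", "\\").endswith(tail)


if __name__ == "__main__":
    iocs = build_iocs([AMADEY_CONFIG, STEALC_CONFIG])
    for hit in scan_proxy_log(PROXY_LOG, iocs):
        print(hit)
    # Constructed path: the AppData\Local\Temp prefix is an assumption for the demo.
    print(match_install_path(r"C:\Users\u\AppData\Local\Temp\0e8d0864aa\svoutse.exe"))
```

The host-only match is reported separately on purpose: a single Amadey panel IP commonly serves more than the index.php check-in path, so a request to the same host on an unknown path is a lead to pull, not a confirmed C2 hit.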
Targets
Target: 8d43b272106ab06884f589032061b8cba2ec45a1ed626d8bdbe0a62ee2b49b68
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS vendor and version strings are often read to detect sandbox and VM environments.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications and can be used as a sandboxing environment.
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
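The registry-based behaviours flagged above (VirtualBox ACPI keys, BIOS strings, country code, Wine keys, Run-key persistence) all map to well-known key paths, so they can be re-detected from endpoint telemetry. The following is an added example, not from the sandbox or the sample: it classifies registry events against those paths and scores how many distinct anti-analysis checks a process performed. The event records, the process names and the Run value name are constructed. One caveat for anyone adapting it: Sysmon registry events (IDs 12, 13, 14) only record create/delete/set/rename, so the read-side rules need a source that logs registry reads, such as a Procmon capture or an EDR that records them.

```python
"""Classify registry activity against the behaviours the sandbox flagged above
(VirtualBox ACPI keys, BIOS strings, country code, Wine keys, Run-key
persistence).  Added example, not part of the sandbox report.  The event
records are constructed; Sysmon registry events (IDs 12-14) only cover
create/delete/set/rename, so the read-side rules need telemetry that records
registry reads, such as a Procmon export."""
from collections import Counter, defaultdict

# Each rule: (tag, op_class, key prefix).  The keys are the well-known
# locations these checks read or write; the tags are this example's own names.
RULES = [
    ("anti_vm_virtualbox_acpi", "read", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("anti_vm_virtualbox_acpi", "read", r"HKLM\HARDWARE\ACPI\FADT\VBOX__"),
    ("anti_vm_virtualbox_acpi", "read", r"HKLM\HARDWARE\ACPI\RSDT\VBOX__"),
    ("bios_info_check", "read", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("bios_info_check", "read", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    ("geo_check", "read", r"HKCU\Control Panel\International\Geo\Nation"),
    ("wine_check", "read", r"HKCU\Software\Wine"),
    ("run_key_persistence", "write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("run_key_persistence", "write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
]
READ_OPS = {"regopenkey", "regqueryvalue", "regenumvalue", "regenumkey"}
WRITE_OPS = {"regsetvalue", "regcreatekey"}
ANTI_ANALYSIS_TAGS = {"anti_vm_virtualbox_acpi", "bios_info_check", "wine_check"}

# Constructed events; the value name "svoutse" under Run is an assumption.
EVENTS = [
    {"proc": "svoutse.exe", "op": "RegQueryValue", "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"proc": "svoutse.exe", "op": "RegOpenKey", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"proc": "svoutse.exe", "op": "RegOpenKey", "path": r"HKCU\Software\Wine"},
    {"proc": "svoutse.exe", "op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"proc": "svoutse.exe", "op": "RegSetValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svoutse"},
    # Benign noise: reading the Run key is not persistence, and opening the
    # DSDT parent key is not the VBOX__ probe.
    {"proc": "explorer.exe", "op": "RegQueryValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"proc": "explorer.exe", "op": "RegOpenKey", "path": r"HKLM\HARDWARE\ACPI\DSDT"},
]


def _under(path, prefix):
    """Case-insensitive: path equals prefix or lies beneath it."""
    p, q = path.lower().rstrip("\\"), prefix.lower().rstrip("\\")
    return p == q or p.startswith(q + "\\")


def classify(event):
    """Return the set of tags an event triggers (empty for benign activity)."""
    op = event["op"].lower()
    op_class = "read" if op in READ_OPS else "write" if op in WRITE_OPS else None
    return {tag for tag, cls, prefix in RULES
            if cls == op_class and _under(event["path"], prefix)}


def summarize(events):
    """Per-process tag counts, omitting processes that triggered nothing."""
    per_proc = defaultdict(Counter)
    for ev in events:
        for tag in classify(ev):
            per_proc[ev["proc"]][tag] += 1
    return {proc: dict(c) for proc, c in per_proc.items()}


def anti_analysis_score(tag_counts):
    """Number of distinct anti-VM/sandbox checks seen; two or more is a strong signal."""
    return len(ANTI_ANALYSIS_TAGS & set(tag_counts))


if __name__ == "__main__":
    for proc, tags in summarize(EVENTS).items():
        print(proc, tags, "anti-analysis score:", anti_analysis_score(tags))
```

The geofence lookup is tagged but kept out of the anti-analysis score: reading the configured country is a targeting decision, not evidence that the process is probing for a sandbox, and mixing the two inflates scores on legitimate localisation-aware software.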