General
-
Target
02fdb484381f56f449465097dc54fbb253ddb07c09ded0c83f4d99c86aef8625
-
Size
1.8MB
-
Sample
240910-z9d5ysxcpc
-
MD5
43abe894d2b9d4f26497805d13d6aa83
-
SHA1
3bca34feca041ef7b7299692ecc59ce277b8225c
-
SHA256
02fdb484381f56f449465097dc54fbb253ddb07c09ded0c83f4d99c86aef8625
-
SHA512
d7a7f5344386923a6318a747b7b3243c1bf87880b335b158b7a50eab79eead7f11c93569641dbd45d5fafb85e6dd924ef4849c7c263080aaac921bec7e5ea0dc
-
SSDEEP
49152:WVUr4kA7ETxaAuXA5b3q+ZWLD03JiSKg8ZudeHo:1UL7isANq+Z33dMZuIo
Static task
static1
Behavioral task
behavioral1
Sample
02fdb484381f56f449465097dc54fbb253ddb07c09ded0c83f4d99c86aef8625.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
amadey
4.41
fed3aa
http://185.215.113.16
-
install_dir
44111dbc49
-
install_file
axplong.exe
-
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
-
url_paths
/Jo89Ku7d/index.php
Targets
-
-
Target
02fdb484381f56f449465097dc54fbb253ddb07c09ded0c83f4d99c86aef8625
-
Size
1.8MB
-
MD5
43abe894d2b9d4f26497805d13d6aa83
-
SHA1
3bca34feca041ef7b7299692ecc59ce277b8225c
-
SHA256
02fdb484381f56f449465097dc54fbb253ddb07c09ded0c83f4d99c86aef8625
-
SHA512
d7a7f5344386923a6318a747b7b3243c1bf87880b335b158b7a50eab79eead7f11c93569641dbd45d5fafb85e6dd924ef4849c7c263080aaac921bec7e5ea0dc
-
SSDEEP
49152:WVUr4kA7ETxaAuXA5b3q+ZWLD03JiSKg8ZudeHo:1UL7isANq+Z33dMZuIo
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-