General

Target: 2001a7c6d0d4f52bcf66b92549cfc65b02402616bd5326a7d6be05f1a867cc6a
Size: 1.8MB
Sample: 240911-vf4fja1hln
MD5: bff4ceb37b77145e8f06aa3737774ca6
SHA1: dec882c181b76ba7e7addb3e36b266de1be0d50c
SHA256: 2001a7c6d0d4f52bcf66b92549cfc65b02402616bd5326a7d6be05f1a867cc6a
SHA512: bae50ea68b8f4b08b2679f8081001b7c06a19212d6abe2a75a12760c86a2c5b12d5d2ff283ba73bca2ee4b97a7b98b4498738af779d31175bd35874440d7e7cc
SSDEEP: 49152:sftC9TnTyPQFApIzr9/rJ20Vx+ZNjZeAh40UuVvtu+p:yg9rTfFA+blf6FPUuVFJ
Static task: static1
Behavioral task: behavioral1
Sample: 2001a7c6d0d4f52bcf66b92549cfc65b02402616bd5326a7d6be05f1a867cc6a.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted: amadey
4.41
fed3aa
http://185.215.113.16
install_dir: 44111dbc49
install_file: axplong.exe
strings_key: 8d0ad6945b1a30a186ec2d30be6db0b5
url_paths: /Jo89Ku7d/index.php
Targets

Target: 2001a7c6d0d4f52bcf66b92549cfc65b02402616bd5326a7d6be05f1a867cc6a
Size: 1.8MB
MD5: bff4ceb37b77145e8f06aa3737774ca6
SHA1: dec882c181b76ba7e7addb3e36b266de1be0d50c
SHA256: 2001a7c6d0d4f52bcf66b92549cfc65b02402616bd5326a7d6be05f1a867cc6a
SHA512: bae50ea68b8f4b08b2679f8081001b7c06a19212d6abe2a75a12760c86a2c5b12d5d2ff283ba73bca2ee4b97a7b98b4498738af779d31175bd35874440d7e7cc
SSDEEP: 49152:sftC9TnTyPQFApIzr9/rJ20Vx+ZNjZeAh40UuVvtu+p:yg9rTfFA+blf6FPUuVFJ

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger