General
-
Target
c15a200289532a6bf3daa5d28fc7423c3f106b941c6fb269a6cb846f97ae217a
-
Size
1.9MB
-
Sample
240914-zq5tkawarj
-
MD5
bb34026f6925a4ea7e7510f836e9e006
-
SHA1
cbc1507ed2c79192da63ff18886c48f4549d08fe
-
SHA256
c15a200289532a6bf3daa5d28fc7423c3f106b941c6fb269a6cb846f97ae217a
-
SHA512
3cc69a472bbf71f1d0fe2a92ca17b5f1b85760b1b36f5530a28d0b6395261309ad758a0e69143bc58dbb0db00682fe47893d801cfc1ad2254eb8bb8fac8836f6
-
SSDEEP
49152:tXvkzs46QG0OsSFiirdi/BOidx/Sqx5/+YeF:tX+sZ0OsSFhhNw/Sy/e
Static task
static1
Behavioral task
behavioral1
Sample
c15a200289532a6bf3daa5d28fc7423c3f106b941c6fb269a6cb846f97ae217a.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
amadey
4.41
fed3aa
http://185.215.113.16
-
install_dir
44111dbc49
-
install_file
axplong.exe
-
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
-
url_paths
/Jo89Ku7d/index.php
Targets
-
-
Target
c15a200289532a6bf3daa5d28fc7423c3f106b941c6fb269a6cb846f97ae217a
-
Size
1.9MB
-
MD5
bb34026f6925a4ea7e7510f836e9e006
-
SHA1
cbc1507ed2c79192da63ff18886c48f4549d08fe
-
SHA256
c15a200289532a6bf3daa5d28fc7423c3f106b941c6fb269a6cb846f97ae217a
-
SHA512
3cc69a472bbf71f1d0fe2a92ca17b5f1b85760b1b36f5530a28d0b6395261309ad758a0e69143bc58dbb0db00682fe47893d801cfc1ad2254eb8bb8fac8836f6
-
SSDEEP
49152:tXvkzs46QG0OsSFiirdi/BOidx/Sqx5/+YeF:tX+sZ0OsSFhhNw/Sy/e
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-