General
- Target: file.exe
- Size: 1.8MB
- Sample: 240926-wek38ssgre
- MD5: 2ec94acbf5439b6b76b4a04d1d779397
- SHA1: d43e4758f63e3c425c4ebed21d9393424f18206a
- SHA256: 1232b1aee31f39db334e9233e7658f5dfdc588f3f698e619c3a0c9b3484c1629
- SHA512: 2983a6eb702bef684df84b41c8da43b111af7318ec3515145fe36c542b07ccb9d7aaa59b107282060e9c420d90915e897f9ef2c3b95b793830118c49dbd90bd6
- SSDEEP: 49152:XMz4/uhkyElzZRXsGajUuG5iH0TY/2g9r7:cz4o7ElzLBNGoYr7
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
Extracted: amadey 4.41 fed3aa http://185.215.113.16
- install_dir: 44111dbc49
- install_file: axplong.exe
- strings_key: 8d0ad6945b1a30a186ec2d30be6db0b5
- url_paths: /Jo89Ku7d/index.php
Extracted: stealc save http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Extracted: amadey 4.42 9c9aa5 http://185.215.113.43
- install_dir: abc3bc1985
- install_file: skotes.exe
- strings_key: 8a35cf2ea38c2817dba29a4b5b25dcf0
- url_paths: /Zu7JuNko/index.php
Targets
- Target: file.exe
- Size: 1.8MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Privilege Escalation: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)