General
-
Target
file.exe
-
Size
1.9MB
-
Sample
240928-hwdhtssfqn
-
MD5
b8fc8a5801e3c0172a199430c7dba1d6
-
SHA1
2a53f4961410bea07de2259fd7875b30ae6a7856
-
SHA256
c438ad0f0d3f595677bfd83cfbab377224cdcc7275f7954639c113e767e8ddf5
-
SHA512
b6a2e23babec64712408dbf0e1a9ce5720a4aff14c6de3e90a756c00ec97d01f394a18608de1cb2a90f87ce6c6fa8b4829ca57f77b8c110462b65af10e9ba3ec
-
SSDEEP
49152:Pfxsg8rRSzxCa2w6G/fSrvYMSdkhNebdu:HxaVo0w6oKbYXdkhuc
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
amadey
4.41
fed3aa
http://185.215.113.16
-
install_dir
44111dbc49
-
install_file
axplong.exe
-
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
-
url_paths
/Jo89Ku7d/index.php
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Default
47.238.55.14:4449
rqwcncaesrdtlckoweu
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
file.exe
-
Size
1.9MB
-
MD5
b8fc8a5801e3c0172a199430c7dba1d6
-
SHA1
2a53f4961410bea07de2259fd7875b30ae6a7856
-
SHA256
c438ad0f0d3f595677bfd83cfbab377224cdcc7275f7954639c113e767e8ddf5
-
SHA512
b6a2e23babec64712408dbf0e1a9ce5720a4aff14c6de3e90a756c00ec97d01f394a18608de1cb2a90f87ce6c6fa8b4829ca57f77b8c110462b65af10e9ba3ec
-
SSDEEP
49152:Pfxsg8rRSzxCa2w6G/fSrvYMSdkhNebdu:HxaVo0w6oKbYXdkhuc
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-