General
-
Target
cc3dce38fa384ae1f81a0ae1924c67eb7ab1210efe2bebfa02794bd590cc54a6N
-
Size
1.8MB
-
Sample
241002-p37tks1brb
-
MD5
1ce0e0c9f47dc959032b2183ab0e6fa0
-
SHA1
992fc567f345c862b3489ee922c66126446d54f1
-
SHA256
cc3dce38fa384ae1f81a0ae1924c67eb7ab1210efe2bebfa02794bd590cc54a6
-
SHA512
487080d0c04d515d24c5a04a65c7c64d4c6cdfcc920219c82b7473ad2f59180dcc8e8f1e7e81232bb5b96d11ac99364d12b519cd746802d58d9ad0ce29ee0615
-
SSDEEP
49152:jWw6rL+V3LblWSn47kq0m/crhvEi/7y5o:jgYln47om0Nvf/m
Static task
static1
Behavioral task
behavioral1
Sample
cc3dce38fa384ae1f81a0ae1924c67eb7ab1210efe2bebfa02794bd590cc54a6N.exe
Resource
win7-20240903-en
Malware Config
Extracted
amadey
4.42
9c9aa5
http://185.215.113.43
-
install_dir
abc3bc1985
-
install_file
skotes.exe
-
strings_key
8a35cf2ea38c2817dba29a4b5b25dcf0
-
url_paths
/Zu7JuNko/index.php
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
cc3dce38fa384ae1f81a0ae1924c67eb7ab1210efe2bebfa02794bd590cc54a6N
-
Size
1.8MB
-
MD5
1ce0e0c9f47dc959032b2183ab0e6fa0
-
SHA1
992fc567f345c862b3489ee922c66126446d54f1
-
SHA256
cc3dce38fa384ae1f81a0ae1924c67eb7ab1210efe2bebfa02794bd590cc54a6
-
SHA512
487080d0c04d515d24c5a04a65c7c64d4c6cdfcc920219c82b7473ad2f59180dcc8e8f1e7e81232bb5b96d11ac99364d12b519cd746802d58d9ad0ce29ee0615
-
SSDEEP
49152:jWw6rL+V3LblWSn47kq0m/crhvEi/7y5o:jgYln47om0Nvf/m
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-