General
Target: random.exe
Size: 1.8MB
Sample: 241009-v17npazelp
MD5: 943a436679c95411bc5da871d8008d10
SHA1: d4e2afafbff0c18e550a288445f01691ffaf392b
SHA256: 72bdba42bc3c1e989c816a5e8e5469ffe1f405fc5b4f5a4378e643c0eded671c
SHA512: e55a56523f39b0997aff6fef89e7e31b88429e97e740ab850bfd635477c9b959f4f40af894e68bea4f045d450ac13ca5748969b900f1779b04b35d991b9da8d4
SSDEEP: 49152:N6lFBtYQgvRAxODmBMBLDRbchcPoMZ3IDG/Ah6RXG+2:N6lTiQgvR4BMJdQhcPdIG/PRW+
Static task: static1
Behavioral task: behavioral1
Sample: random.exe
Resource: win7-20240903-en
Malware Config
Extracted: amadey 4.41 0657d1 http://185.215.113.19
install_dir: 0d8f5eb8a7
install_file: explorti.exe
strings_key: 6c55a5f34bb433fbd933a168577b1838
url_paths: /Vi9leo/index.php
Targets
Target: random.exe
Size: 1.8MB
MD5: 943a436679c95411bc5da871d8008d10
SHA1: d4e2afafbff0c18e550a288445f01691ffaf392b
SHA256: 72bdba42bc3c1e989c816a5e8e5469ffe1f405fc5b4f5a4378e643c0eded671c
SHA512: e55a56523f39b0997aff6fef89e7e31b88429e97e740ab850bfd635477c9b959f4f40af894e68bea4f045d450ac13ca5748969b900f1779b04b35d991b9da8d4
SSDEEP: 49152:N6lFBtYQgvRAxODmBMBLDRbchcPoMZ3IDG/Ah6RXG+2:N6lTiQgvR4BMJdQhcPdIG/PRW+
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger