General
- Target: 0a8673bbea31ae21e9e87be408752436.exe
- Size: 3.1MB
- Sample: 241224-mdm2rsvldw
- MD5: 0a8673bbea31ae21e9e87be408752436
- SHA1: a8c29df353c7af7928ce3e24a9f606f0787109ac
- SHA256: e2ae261a55bc83c0e3c9ab657a16d2c76a329b6a4ff40370119e079f2631b69c
- SHA512: 31d1336cf35adecbed5d42e6910b24fbe01e4671aa12815c5d1d00b27f93228f35f290f570c4142622d53f8b91b4adc764020ec2d52a5ed18794308ebc64aad3
- SSDEEP: 49152:aUnOVfsVG4mPq3wMSk7+7NNnAXbfHQfiXCbSByOPssk:vnafcXmPUwMSk7+TnuLyTO0
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 0a8673bbea31ae21e9e87be408752436.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- amadey
- 4.42
- 9c9aa5
- http://185.215.113.43
- install_dir: abc3bc1985
- install_file: skotes.exe
- strings_key: 8a35cf2ea38c2817dba29a4b5b25dcf0
- url_paths: /Zu7JuNko/index.php
Targets
- Target: 0a8673bbea31ae21e9e87be408752436.exe (3.1MB; hashes as listed under General)
Signatures
- Amadey family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger