General
- Target: c4018bc43f68d743e27c66f1965324de4f50c4679dbf9a837d61a3c3f65a6700
- Size: 1.8MB
- Sample: 240627-29wq4sxepf
- MD5: 5d9f97449bc6630cd56b37e35bd7f548
- SHA1: d959cb404a0eef36edf884405008f694eacc77ce
- SHA256: c4018bc43f68d743e27c66f1965324de4f50c4679dbf9a837d61a3c3f65a6700
- SHA512: df5cbb4dc3f44436f6793fa7ee0de9b0f538b54e9123ce8e6f8fe8f81c3c63dd2b504af735095425f847459b5ec51bb576c7bc1ad559161ce41d59722dc271f2
- SSDEEP: 24576:basnvoTQBJdJzDKp7+vwSrc1OM7nIR05NEDrYE2p1iGSQMrdnQJynkqzqF0SXKoO:XnvoT8KpUFY11rfyt2ziGSQWWskl27
Static task: static1
Behavioral task: behavioral1
- Sample: c4018bc43f68d743e27c66f1965324de4f50c4679dbf9a837d61a3c3f65a6700.exe
- Resource: win7-20240419-en
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
- install_dir: 9217037dc9
- install_file: explortu.exe
- strings_key: 8e894a8a4a3d0da8924003a561cfb244
- url_paths: /ku4Nor9/index.php
Targets
- Target: c4018bc43f68d743e27c66f1965324de4f50c4679dbf9a837d61a3c3f65a6700
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger