General
- Target: b3fae6c5156b4d6639974bfcb689efebe43244ca6ce4789681e7d0fecb97abbd
- Size: 1.9MB
- Sample: 240630-eleflatejd
- MD5: 6c932f10489d6100981164c9e4887fad
- SHA1: 480f7688861f68f3fd8ba60c4c17836fe91dd561
- SHA256: b3fae6c5156b4d6639974bfcb689efebe43244ca6ce4789681e7d0fecb97abbd
- SHA512: 3df9455fd37efb7ae5e917e5ed0a9c741fb2aabd83824892f96029ee6b8feda4991b421bd9c1e4612fa73cf586b303b7b9b5d77ac6c51803161a3aa053ea28e8
- SSDEEP: 49152:Nji9bUlndWxdW5azMW7gRnUX2CT1sU9eLu1BR0L6nE7uYeZu:S4/+dXzMcrX2C6UGL6nYuT
Static task: static1
Behavioral task: behavioral1
- Sample: b3fae6c5156b4d6639974bfcb689efebe43244ca6ce4789681e7d0fecb97abbd.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: amadey 4.30 4dd39d http://77.91.77.82
- install_dir: ad40971b6b
- install_file: explorti.exe
- strings_key: a434973ad22def7137dbb5e059b7081e
- url_paths: /Hun4Ko/index.php
Extracted: stealc default http://85.28.47.4
- url_path: /920475a59bac849d.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger