General
- Target: 240630-mfzhkswelc_pw_infected.zip
- Size: 1.8MB
- Sample: 240630-mqf4zswfne
- MD5: 47ba5d5fea3bb566aca0d8d43e5f474c
- SHA1: 2f7cf8b33b5141222a1f8aff28375ebe20311e03
- SHA256: 5ff744962f24ff19c76f45bf704b1a3b31c73269989565c888dc74ad04a61dbe
- SHA512: c27a78ebd7f1e7715232a5078e9271adf526f510aaf529e87ef3992b140cf495775a115ee5fe92f09b9cb12275dfbb20c23c52fd8c2e53ee580975ff055130e3
- SSDEEP: 49152:nHG5Xeriu37RSTHTkPP+95oNgJ3e//7ABXnDlQHHDgaX+YOV:mXerz32HTkn+Po5/ETqHDgaONV
Static task
static1
Malware Config
Extracted
amadey
4.30
4dd39d
http://77.91.77.82
- install_dir: ad40971b6b
- install_file: explorti.exe
- strings_key: a434973ad22def7137dbb5e059b7081e
- url_paths: /Hun4Ko/index.php
Targets
- Target: 585dad4590d9a7722a93434b59d8c37a5d21ff9deb0d5fff0b242d8b8268db98
- Size: 1.8MB
- MD5: 908243a9511f16a9e6365cd83328b032
- SHA1: 9c5c9f3b75dac14e77303933c11df64e2649c5c1
- SHA256: 585dad4590d9a7722a93434b59d8c37a5d21ff9deb0d5fff0b242d8b8268db98
- SHA512: 0b601ae823a9d07b0e8a2250d7ab1ddf7779fedf4713521d3afca81a0bb0fba87bbe32d1aebc748d590639d20a407a84f025ecc5541cf2364c9588d871bb64da
- SSDEEP: 49152:RMhIGBD39f7f1bjW5Q0BzH4p6xbeOBbJAPI7e:RvGBD39LNa5Q0pA6xbtAPI
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger