General
-
Target
eb90c32e2fcc3d5b5a33dddbec55eb02b09c0f0fb08e9bfc29a529685ebe20fb
-
Size
1.8MB
-
Sample
240630-nzqkfsxdka
-
MD5
42b633eac3a7415b01516bc14ad42310
-
SHA1
2b6d8f886a59b5b29d3df7d8fe1d1924325cefcf
-
SHA256
eb90c32e2fcc3d5b5a33dddbec55eb02b09c0f0fb08e9bfc29a529685ebe20fb
-
SHA512
25f492072d57dbd49ed2a211f53d0f5794d6056a633d8b568f1d88f734bbbd831c3791494c7c734c0e55ff253437edda842d922c13a9fc959b65b8804358a224
-
SSDEEP
49152:moKpJrja5ijpX60ZuEbllo05whwqt2Tf:NKpJniupK0xbXVuwbT
Static task
static1
Behavioral task
behavioral1
Sample
eb90c32e2fcc3d5b5a33dddbec55eb02b09c0f0fb08e9bfc29a529685ebe20fb.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
amadey
4.30
4dd39d
http://77.91.77.82
-
install_dir
ad40971b6b
-
install_file
explorti.exe
-
strings_key
a434973ad22def7137dbb5e059b7081e
-
url_paths
/Hun4Ko/index.php
Extracted
stealc
default
http://85.28.47.4
-
url_path
/920475a59bac849d.php
Targets
-
-
Target
eb90c32e2fcc3d5b5a33dddbec55eb02b09c0f0fb08e9bfc29a529685ebe20fb
-
Size
1.8MB
-
MD5
42b633eac3a7415b01516bc14ad42310
-
SHA1
2b6d8f886a59b5b29d3df7d8fe1d1924325cefcf
-
SHA256
eb90c32e2fcc3d5b5a33dddbec55eb02b09c0f0fb08e9bfc29a529685ebe20fb
-
SHA512
25f492072d57dbd49ed2a211f53d0f5794d6056a633d8b568f1d88f734bbbd831c3791494c7c734c0e55ff253437edda842d922c13a9fc959b65b8804358a224
-
SSDEEP
49152:moKpJrja5ijpX60ZuEbllo05whwqt2Tf:NKpJniupK0xbXVuwbT
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-