General
- Target: 43acb4cf7279a58c6205d3549da42ffcdf9c5796486b6ca27effc7f36693edac
- Size: 1.8MB
- Sample: 240701-tw9f2ssdnl
- MD5: ae24324175446bccd3298ffa07ded812
- SHA1: 295e05190fc70f2dd9b720ba63a376f40d6962fe
- SHA256: 43acb4cf7279a58c6205d3549da42ffcdf9c5796486b6ca27effc7f36693edac
- SHA512: d1f9489ef5c6ae1261793f49c415d298e0275b6e98edb5fa2b8789b65afdff32bdb9ce5fe7d6ba29fb28a551290f9e56ab6d0d35b74415f0f35e84f4f38a433f
- SSDEEP: 49152:6nA6ToaAlxrYp/blEz99cjZ6Me5Kd/yuJ8JqNjT7wwV:6nAQ4Z8aTcjUMaKUumJqNj4wV
Static task
- static1
Behavioral task
- behavioral1
- Sample: 43acb4cf7279a58c6205d3549da42ffcdf9c5796486b6ca27effc7f36693edac.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
amadey
4.30
4dd39d
http://77.91.77.82
- install_dir: ad40971b6b
- install_file: explorti.exe
- strings_key: a434973ad22def7137dbb5e059b7081e
- url_paths: /Hun4Ko/index.php
Extracted
stealc
default
http://85.28.47.4
- url_path: /920475a59bac849d.php
Targets
- Target: 43acb4cf7279a58c6205d3549da42ffcdf9c5796486b6ca27effc7f36693edac
- Size: 1.8MB
- MD5: ae24324175446bccd3298ffa07ded812
- SHA1: 295e05190fc70f2dd9b720ba63a376f40d6962fe
- SHA256: 43acb4cf7279a58c6205d3549da42ffcdf9c5796486b6ca27effc7f36693edac
- SHA512: d1f9489ef5c6ae1261793f49c415d298e0275b6e98edb5fa2b8789b65afdff32bdb9ce5fe7d6ba29fb28a551290f9e56ab6d0d35b74415f0f35e84f4f38a433f
- SSDEEP: 49152:6nA6ToaAlxrYp/blEz99cjZ6Me5Kd/yuJ8JqNjT7wwV:6nAQ4Z8aTcjUMaKUumJqNj4wV
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger