General
- Target: ccf2d36f20f564d567bfbd238b6fbe47d86b65a096a41ae0ee4a9673003d2f04
- Size: 1.8MB
- Sample: 240701-x8enzsyhjr
- MD5: 7076a0272638693862f34c58198fb9b3
- SHA1: ab40554e0f92b8bc3888b5be69deabd93f16e563
- SHA256: ccf2d36f20f564d567bfbd238b6fbe47d86b65a096a41ae0ee4a9673003d2f04
- SHA512: 1a0f2c12439742187ee803675ac0195398e2e386a41265718f8fe31b220d90b23aa49a717bede994103c17e100f2e674f9ebc9f8181fb4ef4b81cb5bc7edd56b
- SSDEEP: 49152:DzmTXZhMBSAXTGF4kbfFOunSKPmQBUUADV:DIZGGi3VFwUUA
- Static task: static1
- Behavioral task: behavioral1
- Sample: ccf2d36f20f564d567bfbd238b6fbe47d86b65a096a41ae0ee4a9673003d2f04.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: amadey
- Version: 4.30
- Botnet: 4dd39d
- C2: http://77.91.77.82
- install_dir: ad40971b6b
- install_file: explorti.exe
- strings_key: a434973ad22def7137dbb5e059b7081e
- url_paths: /Hun4Ko/index.php
Extracted: stealc
- Botnet: default
- C2: http://85.28.47.4
- url_path: /920475a59bac849d.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger