General

Target: 30f55b9f45ee962f4184bf944db410a955b116394f5a5a37e5147c5c82fad4d8
Size: 1.9MB
Sample: 240704-atxvpawdla
MD5: 237d618c4c6714dff8d9c4f7cf39a7ae
SHA1: 288cd51ebb40f3e4f7ae8fd38a8c0ee4fe2fe11a
SHA256: 30f55b9f45ee962f4184bf944db410a955b116394f5a5a37e5147c5c82fad4d8
SHA512: 4ad3ba7e2fa72cb5a6edec44c0baf6604ef62c1ea1970a809c340bdfced606df7cd749cdf1f4e944120786c36b7ffee854136379a5452c01ce1cb2a3ad64b5fb
SSDEEP: 49152:k7VnLd39uga0bwLefgg3RwKYiP9yX8VZ8diCCXL/oNARONy:k7pZ0ggLqgghwXEQX8V+diCC7PRONy
Static task: static1
Behavioral task: behavioral1
Sample: 30f55b9f45ee962f4184bf944db410a955b116394f5a5a37e5147c5c82fad4d8.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted
Family: amadey
Version: 4.30
Botnet: 4dd39d
C2: http://77.91.77.82
install_dir: ad40971b6b
install_file: explorti.exe
strings_key: a434973ad22def7137dbb5e059b7081e
url_paths: /Hun4Ko/index.php

Extracted
Family: stealc
Botnet: jony
C2: http://85.28.47.4
url_path: /920475a59bac849d.php
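The two extracted configs are the actionable part of this report: the C2 base plus url_path gives the exact beacon URL for each family, and install_dir plus install_file gives the on-disk name Amadey will use for its copy. The script below (an added example, not part of the sandbox report or of either malware family) turns those values into indicators and runs them over web-proxy log lines. The log format and the sample lines are constructed for the demonstration; the report does not state the parent directory of install_dir, so the host artifact is emitted as a path suffix only.

```python
"""Turn the extracted Amadey and Stealc configs into indicators and match
them against web-proxy log lines.

Added example, not part of the sandbox report. The proxy log format and the
sample lines below are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

# Values copied from the extracted configs above.
CONFIGS = [
    {
        "family": "amadey",
        "c2": "http://77.91.77.82",
        "url_paths": ["/Hun4Ko/index.php"],
        "install_dir": "ad40971b6b",
        "install_file": "explorti.exe",
    },
    {
        "family": "stealc",
        "c2": "http://85.28.47.4",
        "url_paths": ["/920475a59bac849d.php"],
    },
]


def c2_urls(configs):
    """Full C2 URLs (base + url_path) for every config, e.g. for a blocklist."""
    return [cfg["c2"].rstrip("/") + p for cfg in configs for p in cfg["url_paths"]]


def host_artifacts(configs):
    """Relative dropper paths (install_dir\\install_file). The report gives only
    the folder name, not its parent directory, so these are suffixes to hunt for."""
    return {
        cfg["family"]: cfg["install_dir"] + "\\" + cfg["install_file"]
        for cfg in configs
        if "install_dir" in cfg and "install_file" in cfg
    }


def network_indicators(configs):
    """Map (host, path) -> family. A (host, None) entry matches any other path
    on the same C2 host, which still deserves an alert, at lower confidence."""
    iocs = {}
    for cfg in configs:
        host = urlsplit(cfg["c2"]).hostname
        for path in cfg["url_paths"]:
            iocs[(host, path)] = cfg["family"]
        iocs[(host, None)] = cfg["family"]
    return iocs


# Constructed proxy log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})\b"
)


def match_logs(lines, iocs):
    """Return one hit per log line whose URL points at a known C2 host.
    Lines that do not parse are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        family = iocs.get((url.hostname, url.path))
        confidence = "high"
        if family is None:
            family = iocs.get((url.hostname, None))
            confidence = "medium"
        if family is None:
            continue
        hits.append({
            "client": m["client"],
            "family": family,
            "confidence": confidence,
            "url": m["url"],
        })
    return hits


# Constructed sample lines: two beacons to the extracted C2s, one request to a
# different path on the Amadey host, one unrelated request and one junk line.
SAMPLE_LOGS = [
    "2024-07-04T10:15:01Z 10.0.0.12 POST http://77.91.77.82/Hun4Ko/index.php 200",
    "2024-07-04T10:15:09Z 10.0.0.12 POST http://85.28.47.4/920475a59bac849d.php 200",
    "2024-07-04T10:16:00Z 10.0.0.12 GET http://77.91.77.82/other/path 200",
    "2024-07-04T10:17:00Z 10.0.0.13 GET http://example.com/index.php 200",
    "not a log line",
]

if __name__ == "__main__":
    for u in c2_urls(CONFIGS):
        print("block:", u)
    for fam, path in host_artifacts(CONFIGS).items():
        print("hunt:", fam, path)
    for hit in match_logs(SAMPLE_LOGS, network_indicators(CONFIGS)):
        print(hit)
```

The bare-host fallback matters in practice: loaders such as Amadey fetch follow-on payloads from other paths on the same server (this report's "Downloads MZ/PE file" signature is consistent with that), so a rule keyed only on the configured url_path would miss the second stage.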
Targets

Target: 30f55b9f45ee962f4184bf944db410a955b116394f5a5a37e5147c5c82fad4d8
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer that runs Windows applications; some sandboxes run samples under it, so its presence suggests an analysis environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger
  Hides the calling thread from an attached debugger, a common anti-debugging technique.
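Most of the signatures above are registry reads and one native API call, which is also how they are matched in a sandbox: patterns over the API trace. The script below, an added example and not the sandbox's own signature engine, scores a constructed API trace for the same behaviours. The report names the behaviours but not the exact keys this sample queried, so the registry paths in the table are the ones commonly used for each check (an assumption); the trace line format is constructed for the demonstration.

```python
"""Score a sandbox API/registry trace for the anti-analysis and discovery
behaviours listed in the report.

Added example, not the sandbox's own signature engine. The registry paths are
the ones commonly used for each check, not keys taken from this sample; the
trace line format and the sample trace are constructed for the demonstration.
"""
import re
from collections import Counter

# THREADINFOCLASS value for ThreadHideFromDebugger (documented: 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# (behaviour name, registry path pattern). Assumed typical keys for each check.
SIGNATURES = [
    ("anti-vm: VirtualBox ACPI tables",
     re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("anti-sandbox: BIOS information",
     re.compile(r"HARDWARE\\DESCRIPTION\\System\b", re.I)),
    ("geofence: computer location (Geo key)",
     re.compile(r"Control Panel\\International\\Geo\b", re.I)),
    ("anti-sandbox: Wine registry keys",
     re.compile(r"Software\\Wine\b", re.I)),
    ("discovery: installed software (Uninstall key)",
     re.compile(r"Windows\\CurrentVersion\\Uninstall", re.I)),
]

# NtSetInformationThread(ThreadHandle, ThreadInformationClass, ...)
NT_SET_INFO = re.compile(
    r"NtSetInformationThread\((?P<handle>[^,]+),\s*(?P<cls>0x[0-9a-fA-F]+|\d+)"
)


def scan_trace(lines):
    """Return Counter of behaviour name -> number of trace lines that triggered it."""
    hits = Counter()
    for line in lines:
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                hits[name] += 1
        m = NT_SET_INFO.search(line)
        # Only the ThreadHideFromDebugger class is suspicious; other classes
        # (priority, affinity, ...) are routine.
        if m and int(m["cls"], 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits["anti-debug: ThreadHideFromDebugger"] += 1
    return hits


def verdict(hits):
    """'evasive' when at least two distinct evasion checks fired, else 'low'."""
    evasion = [n for n in hits if n.startswith(("anti-", "geofence"))]
    return "evasive" if len(evasion) >= 2 else "low"


# Constructed trace: "<pid> <api>(<args>)", one line per call.
SAMPLE_TRACE = [
    r"2832 RegOpenKeyExW(HKLM, 'HARDWARE\ACPI\DSDT\VBOX__')",
    r"2832 RegQueryValueExW(HKLM\HARDWARE\DESCRIPTION\System, 'SystemBiosVersion')",
    r"2832 RegQueryValueExW(HKCU\Control Panel\International\Geo, 'Nation')",
    r"2832 RegOpenKeyExW(HKCU, 'Software\Wine')",
    r"2832 RegEnumKeyExW(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, 0)",
    r"2832 NtSetInformationThread(0xfc, 0x11, 0x0, 0x0)",
    r"2832 NtSetInformationThread(0xfc, 0x2, 0x0, 0x0)",
]

if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for name, count in found.items():
        print(f"{count:3d}  {name}")
    print("verdict:", verdict(found))
```

The second NtSetInformationThread line (class 0x2, ThreadPriority) is there deliberately: matching on the API name alone would flag ordinary thread-priority changes, so the information class has to be parsed and compared.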