General
-
Target
2Elynyru.exe
-
Size
1.7MB
-
Sample
231011-2yzcvscf42
-
MD5
6c8965f1d56a93b0bf67780f7c2fa965
-
SHA1
c3beaf2bf36e40c5e1afb3c0e879ae1d25f02922
-
SHA256
52817df4b19ffc52e81384b3117888fc053326b9635152fcbd7ca62d00801887
-
SHA512
6693d6851842c3693b4fb866e97de0c3e560a5c1776fab6ffae17af5c814b723f5284f756cdc396149645a61821a698548ef159dd424b85e5842d4d74cf84b22
-
SSDEEP
49152:WBRmRJuZoLIEk0zZVACftmxN4akoFc0y6sFzxT:WZ/R0VAMmx/FldsdT
Static task
static1
Behavioral task
behavioral1
Sample
2Elynyru.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2Elynyru.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
2Elynyru.exe
-
Size
1.7MB
-
MD5
6c8965f1d56a93b0bf67780f7c2fa965
-
SHA1
c3beaf2bf36e40c5e1afb3c0e879ae1d25f02922
-
SHA256
52817df4b19ffc52e81384b3117888fc053326b9635152fcbd7ca62d00801887
-
SHA512
6693d6851842c3693b4fb866e97de0c3e560a5c1776fab6ffae17af5c814b723f5284f756cdc396149645a61821a698548ef159dd424b85e5842d4d74cf84b22
-
SSDEEP
49152:WBRmRJuZoLIEk0zZVACftmxN4akoFc0y6sFzxT:WZ/R0VAMmx/FldsdT
Score10/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-