General

  • Target

    2Elynyru.exe

  • Size

    1.7MB

  • Sample

    231011-2yzcvscf42

  • MD5

    6c8965f1d56a93b0bf67780f7c2fa965

  • SHA1

    c3beaf2bf36e40c5e1afb3c0e879ae1d25f02922

  • SHA256

    52817df4b19ffc52e81384b3117888fc053326b9635152fcbd7ca62d00801887

  • SHA512

    6693d6851842c3693b4fb866e97de0c3e560a5c1776fab6ffae17af5c814b723f5284f756cdc396149645a61821a698548ef159dd424b85e5842d4d74cf84b22

  • SSDEEP

    49152:WBRmRJuZoLIEk0zZVACftmxN4akoFc0y6sFzxT:WZ/R0VAMmx/FldsdT

Malware Config

Targets

    • Target

      2Elynyru.exe

    • Size

      1.7MB

    • MD5

      6c8965f1d56a93b0bf67780f7c2fa965

    • SHA1

      c3beaf2bf36e40c5e1afb3c0e879ae1d25f02922

    • SHA256

      52817df4b19ffc52e81384b3117888fc053326b9635152fcbd7ca62d00801887

    • SHA512

      6693d6851842c3693b4fb866e97de0c3e560a5c1776fab6ffae17af5c814b723f5284f756cdc396149645a61821a698548ef159dd424b85e5842d4d74cf84b22

    • SSDEEP

      49152:WBRmRJuZoLIEk0zZVACftmxN4akoFc0y6sFzxT:WZ/R0VAMmx/FldsdT

    • Phemedrone

      An information and wallet stealer written in C#.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks