General
Target: 58da8cfd9a09e819f764a43fd9328887e72ba9516a9311f52074c578dfea5c57
Size: 1.8MB
Sample: 240425-d6j15see95
MD5: 128f955bef3288a593575e04a3b494fe
SHA1: a35c17589fa1e3de73c8212183c8da4a238e076e
SHA256: 58da8cfd9a09e819f764a43fd9328887e72ba9516a9311f52074c578dfea5c57
SHA512: a007341a0def9b6db865c820fec31ddc36b95314e058a1d5910fe2daae7e84026a01ea5dd224ad5bc8920f7ada39a899cb7d0742833f8fb0fe80c87ead572cc1
SSDEEP: 49152:kuaBznMUXmZKVfuZwQpVWVKtV98GGlpb808:ceUXmUVfuClV2slpb8N
Static task: static1
Behavioral task: behavioral1
Sample: 58da8cfd9a09e819f764a43fd9328887e72ba9516a9311f52074c578dfea5c57.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: amadey 4.17
http://193.233.132.167
install_dir: 4d0ab15804
install_file: chrosha.exe
strings_key: 1a9519d7b465e1f4880fa09a6162d768
url_paths: /enigma/index.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger