General
Target: f037c5fb6c347546b7fca14b26bfdc22bc53b8bf9daed783241501801a5de679
Size: 1.8MB
Sample: 240428-m3cx4aed31
MD5: d229b9f59fb22483d27553712c7c2042
SHA1: ad09965298392356c14528bce165c9b51a771018
SHA256: f037c5fb6c347546b7fca14b26bfdc22bc53b8bf9daed783241501801a5de679
SHA512: bf50845a9923974469c569aeaf26cfb0dd606d7c3bdac357b181c056b2988ede2e6d9657f5ac83c18b5521dd908486b39ca5259e5b2e2202e1d0927fcb306582
SSDEEP: 49152:jlSYts+0HnyqxME6j/ukP+ZRMIR7ypD4am9fDBGPggdqVwu:jlSY+H3W7jmkPyRMz4awIn6w
Static task: static1
Behavioral task: behavioral1
Sample: f037c5fb6c347546b7fca14b26bfdc22bc53b8bf9daed783241501801a5de679.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: amadey 4.17
http://193.233.132.167
install_dir: 4d0ab15804
install_file: chrosha.exe
strings_key: 1a9519d7b465e1f4880fa09a6162d768
url_paths: /enigma/index.php
Targets
Target: f037c5fb6c347546b7fca14b26bfdc22bc53b8bf9daed783241501801a5de679
Size: 1.8MB
MD5: d229b9f59fb22483d27553712c7c2042
SHA1: ad09965298392356c14528bce165c9b51a771018
SHA256: f037c5fb6c347546b7fca14b26bfdc22bc53b8bf9daed783241501801a5de679
SHA512: bf50845a9923974469c569aeaf26cfb0dd606d7c3bdac357b181c056b2988ede2e6d9657f5ac83c18b5521dd908486b39ca5259e5b2e2202e1d0927fcb306582
SSDEEP: 49152:jlSYts+0HnyqxME6j/ukP+ZRMIR7ypD4am9fDBGPggdqVwu:jlSY+H3W7jmkPyRMz4awIn6w
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger