General
- Target: Ethone.exe
- Size: 41.3MB
- Sample: 240510-26311saa28
- MD5: 141242c5ddfebec895529b44016d170e
- SHA1: 62d5bff6ad6ded0380c088f48eec979c811f9944
- SHA256: 9dabfe36a40e2408b2cd05fecf4b4e4b8044c83fa3d4fdce98c517c964d9b3c3
- SHA512: 59afd59eb9af43d161052bf6164fa883f74115de652bb288bc2ba57ae2d9c24a044ac2368b1dd28d352b2cd07b2e7ae11c87dba67b4cb8eb5961fa7c8a2407b3
- SSDEEP: 786432:ptFLjH4SBCEDXYUZB+mUBGwEv4UjozJ5XckKRWPpGLSMCaBtNcp4YcFMj/6yFtPc:prjH4SBC2ZsmUBGTLUzJhKRWS2aCzz6a
Behavioral task
- behavioral1
- Sample: Ethone.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: Ethone.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger