General
Target: ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6.exe
Size: 1.7MB
Sample: 250303-dgm2havmw5
MD5: 775d48c5ca9cec5cb17ba4990e100b80
SHA1: d51bdc3fc06fadd66fa0549c0c6924a52f980c91
SHA256: ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6
SHA512: de2a9adf415acf0d300c1d660141d4fcdcd15885750abdfa36253cb848cfb0d14f4529ce66ab8a6227d741fa52c7a6b59dc7253d269e0ffa0ebaa0782146f690
SSDEEP: 49152:VWiPyNzLHax6WxKPQx1GyGe4/xU7VNT1xMJ1NxjnW8EtVG:VhGW4OOCbhGQy
Static task: static1
Behavioral task: behavioral1
Sample: ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6.exe
Resource: win10v2004-20250217-en
Malware Config
Extracted: systembc
towerbingobongoboom.com
213.209.150.137
Targets
Target: ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6.exe
Score: 10/10
- Systembc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger