General
-
Target
chrosha.exe
-
Size
1.8MB
-
Sample
240629-ph6qsaxdkh
-
MD5
73d73c48859fc7aa4fd78d9a57f859d6
-
SHA1
c1f71ea0692d97c653ff5a5ecbc03fd02173fe05
-
SHA256
d46a8fa545385ab42ca58f6175b13f4b9989d88322ab624f646623b4a52a4876
-
SHA512
f0634be539582016c03e83f3ca58d613fc16abcc0a9c320321f455234a8f2dc1c199fc52187abac5e4cbbe7b7907afdaa89813f50cbecd611f7e870ee7f8e979
-
SSDEEP
24576:Snk5YKXHSuRlxqOd8pF2h99TqJWVs/ae2c01R/QTS5I0aQrnnuls5py6sDya:0YNxd7h9hqJ2s/ae10e0aiCKrsu
Static task
static1
Behavioral task
behavioral1
Sample
chrosha.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
chrosha.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
chrosha.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
amadey
4.17
090bb7
http://193.233.132.167
-
install_dir
4d0ab15804
-
install_file
chrosha.exe
-
strings_key
1a9519d7b465e1f4880fa09a6162d768
-
url_paths
/enigma/index.php
Targets
-
-
Target
chrosha.exe
-
Size
1.8MB
-
MD5
73d73c48859fc7aa4fd78d9a57f859d6
-
SHA1
c1f71ea0692d97c653ff5a5ecbc03fd02173fe05
-
SHA256
d46a8fa545385ab42ca58f6175b13f4b9989d88322ab624f646623b4a52a4876
-
SHA512
f0634be539582016c03e83f3ca58d613fc16abcc0a9c320321f455234a8f2dc1c199fc52187abac5e4cbbe7b7907afdaa89813f50cbecd611f7e870ee7f8e979
-
SSDEEP
24576:Snk5YKXHSuRlxqOd8pF2h99TqJWVs/ae2c01R/QTS5I0aQrnnuls5py6sDya:0YNxd7h9hqJ2s/ae10e0aiCKrsu
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-