General
-
Target
93852877ecea2b4b6b2c6052ff4cfba7decc62331ca4a298e738fc5643067171
-
Size
2.2MB
-
Sample
240414-2dd67aab6z
-
MD5
b8db6cf76bbdde15d621c268c5e6ce68
-
SHA1
8b197d978d7fdfcba2f5348dc93286ac711bbbf4
-
SHA256
93852877ecea2b4b6b2c6052ff4cfba7decc62331ca4a298e738fc5643067171
-
SHA512
d6962ee71f72992371a56ff2d04a8af261ceda2350890460377e44223ce1c407f6c1f01bc526adaf87446ef247597d15d2b9fa5857fd305404cd6aa4827aad8e
-
SSDEEP
49152:SSUl6vD5DxN6HHLJ9t7YFlYAdUk6XOaEbBZzQKHN0iXC/:SSSwD5DxkIG4Uk6ea6znqiS/
Static task
static1
Behavioral task
behavioral1
Sample
93852877ecea2b4b6b2c6052ff4cfba7decc62331ca4a298e738fc5643067171.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
Family
risepro
C2
147.45.47.93:58709
Targets
-
Target
93852877ecea2b4b6b2c6052ff4cfba7decc62331ca4a298e738fc5643067171
-
Size
2.2MB
-
MD5
b8db6cf76bbdde15d621c268c5e6ce68
-
SHA1
8b197d978d7fdfcba2f5348dc93286ac711bbbf4
-
SHA256
93852877ecea2b4b6b2c6052ff4cfba7decc62331ca4a298e738fc5643067171
-
SHA512
d6962ee71f72992371a56ff2d04a8af261ceda2350890460377e44223ce1c407f6c1f01bc526adaf87446ef247597d15d2b9fa5857fd305404cd6aa4827aad8e
-
SSDEEP
49152:SSUl6vD5DxN6HHLJ9t7YFlYAdUk6XOaEbBZzQKHN0iXC/:SSSwD5DxkIG4Uk6ea6znqiS/
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI; reading those keys is a common check for running inside a virtual machine.
-
Checks BIOS information in registry
BIOS vendor and version strings stored in the registry often identify a virtual machine, so reading them is a common sandbox-detection step.
-
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and can be used as a sandboxing environment; the sample checks for its registry keys.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging step.
-
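The four signatures above all reduce to a small set of registry locations plus one NtSetInformationThread information class. The following is an added example, not part of this report and not the sandbox's own rule logic: it classifies a trace of registry and API events against those signatures. The registry paths are the well-known locations each signature name refers to (an assumption about what the sandbox matched, not a copy of its rules), and the trace lines and their "pid api argument" format are constructed here for illustration.

```python
"""Classify sandbox trace events against the anti-analysis signatures above.

Added example: not the report's own logic or any sandbox vendor's rule set.
Registry locations are the well-known ones each signature refers to, and the
trace lines are constructed for illustration.
"""
import re
from collections import defaultdict

# Registry keys/values behind each signature (assumption: the commonly abused
# locations, not necessarily the exact rules the sandbox applies).
REGISTRY_SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": [
        r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
        r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
        r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
    ],
    "Identifies Wine through registry keys": [
        r"HKCU\Software\Wine",
        r"HKLM\Software\Wine",
    ],
}

# NtSetInformationThread information class that hides a thread from debuggers.
THREAD_HIDE_FROM_DEBUGGER = 0x11
API_SIGNATURE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Constructed trace in a simple "<pid> <api> <argument>" form (not the
# sample's real trace; the format is an assumption of this example).
SAMPLE_TRACE = [
    r"4120 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"4120 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"4120 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"4120 RegOpenKeyExW HKCU\Software\Wine",
    r"4120 RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"4120 NtSetInformationThread ThreadInformationClass=0x11",
    r"4120 NtSetInformationThread ThreadInformationClass=0x2",
]

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+(?P<arg>.+)$")
CLASS_RE = re.compile(r"ThreadInformationClass=(0x[0-9A-Fa-f]+|\d+)")


def _norm(path):
    """Case-insensitive, backslash-separated form of a registry path."""
    return path.strip().replace("/", "\\").rstrip("\\").lower()


def _under(key, prefix):
    """True if key is prefix itself or a sub-key/value of it (component-wise)."""
    return key == prefix or key.startswith(prefix + "\\")


def _parse_class(text):
    """Parse a hex (0x..) or decimal information-class value."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def classify_event(api, arg):
    """Return the signature name an event triggers, or None."""
    if api.startswith("Reg"):
        key = _norm(arg)
        for name, locations in REGISTRY_SIGNATURES.items():
            if any(_under(key, _norm(loc)) for loc in locations):
                return name
        return None
    if api == "NtSetInformationThread":
        m = CLASS_RE.search(arg)
        if m and _parse_class(m.group(1)) == THREAD_HIDE_FROM_DEBUGGER:
            return API_SIGNATURE
    return None


def scan_trace(lines):
    """Group triggering events by signature: {signature: [(pid, api, arg), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        sig = classify_event(m.group("api"), m.group("arg"))
        if sig:
            hits[sig].append((int(m.group("pid")), m.group("api"), m.group("arg")))
    return dict(hits)


def summarise(hits):
    """Count anti-VM/sandbox versus anti-debug signatures that fired."""
    anti_vm = sum(1 for s in hits if s in REGISTRY_SIGNATURES)
    anti_debug = 1 if API_SIGNATURE in hits else 0
    return {"anti_vm": anti_vm, "anti_debug": anti_debug}


if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for sig, events in found.items():
        print(sig)
        for pid, api, arg in events:
            print(f"    pid {pid}: {api} {arg}")
    print(summarise(found))
```

Matching is done per registry path component (the key itself or anything beneath it), so an unrelated key that merely shares a prefix string, such as a product key under HKCU\Software whose name starts with "Wine", does not fire the Wine signature. The information class is compared numerically so that 0x11 and 17 are treated as the same value.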