General
-
Target
c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d
-
Size
2.2MB
-
Sample
240414-mx2z2aga75
-
MD5
a4b722d6297249b39f775c6fa5662720
-
SHA1
d3ae43c1e8b04a65639ca4fab72d3b91210a2c85
-
SHA256
c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d
-
SHA512
63ee754b30bb041e303b8a9b0c53e1e0932c587eedd58fd110f2e96fdc869fcdb5719aba79d0c0c138f896e7cbafc907d1d3eac7e8204f67900d4d263e419e9b
-
SSDEEP
49152:PSUl6vD5DxN6HHLJ9tmeJT4FouC8cnVxAJjzocH8J3oQPlO:PSSwD5DxkIeJ3LJjAJonJ3nPs
Static task
static1
Behavioral task
behavioral1
Sample
c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d
-
Size
2.2MB
-
MD5
a4b722d6297249b39f775c6fa5662720
-
SHA1
d3ae43c1e8b04a65639ca4fab72d3b91210a2c85
-
SHA256
c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d
-
SHA512
63ee754b30bb041e303b8a9b0c53e1e0932c587eedd58fd110f2e96fdc869fcdb5719aba79d0c0c138f896e7cbafc907d1d3eac7e8204f67900d4d263e419e9b
-
SSDEEP
49152:PSUl6vD5DxN6HHLJ9tmeJT4FouC8cnVxAJjzocH8J3oQPlO:PSSwD5DxkIeJ3LJjAJonJ3nPs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-