General
-
Target
5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061
-
Size
2.2MB
-
Sample
240414-n1frmsbc6s
-
MD5
41e957d5dd6d65fea81115c57fd187de
-
SHA1
d76cd71a9a9d1d319ae9ff3fee8cd2e3c340a1f2
-
SHA256
5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061
-
SHA512
b586a276d1245ae088d8373b4bf32ed4c1e47b7244b3b7b28ede221a7edb1066ea51065fe59b89cde033e98de89b53dbc1211d452c5649af0d0419572000395f
-
SSDEEP
49152:uSUl6vD5DxN6HHLJ9t7vB0C/0ArDpP/PHqZCFUS0Du1Gu6tgRqqSGV:uSSwD5Dxk1J0C/05CFn0a1GjtgRPSG
Static task
static1
Behavioral task
behavioral1
Sample
5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
Target
5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger