General
- Target: 89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c
- Size: 2.2MB
- Sample: 240414-rrl4vahb98
- MD5: 91937dfa2879443a7fed48596edcdf17
- SHA1: b4867b55cd5442c2ceda49c671da60fc93e7dbe7
- SHA256: 89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c
- SHA512: 1c0b1eed239ff1fec5ce300cf5a9892383c2158f5e1b590ae626862f37affa259f670c2e06df489eea68aff1d093884a3cb4127ba2cc63baa9bf1419f02b7dc5
- SSDEEP: 49152:kSUl6vD5DxN6HHLJ9tFjRJNYPgeao9LgiV6GMi4CqYVihiuUZ57:kSSwD5DxkTRAgW9LgisdviN
Static task: static1
Behavioral task: behavioral1
- Sample: 89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted: risepro
- 147.45.47.93:58709
Targets
- Target: 89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c
- Size: 2.2MB
- MD5: 91937dfa2879443a7fed48596edcdf17
- SHA1: b4867b55cd5442c2ceda49c671da60fc93e7dbe7
- SHA256: 89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c
- SHA512: 1c0b1eed239ff1fec5ce300cf5a9892383c2158f5e1b590ae626862f37affa259f670c2e06df489eea68aff1d093884a3cb4127ba2cc63baa9bf1419f02b7dc5
- SSDEEP: 49152:kSUl6vD5DxN6HHLJ9tFjRJNYPgeao9LgiV6GMi4CqYVihiuUZ57:kSSwD5DxkTRAgW9LgisdviN
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger