General
Target: 1ee151938a5acca2bee5536dd26766c4f3bca4518f1621c00347a2bfae3803d3
Size: 2.2MB
Sample: 240414-werwsadd9z
MD5: ffb773c78cf231db79e8cf8613577909
SHA1: add63ff666c2219816831a6e8b7371178d433647
SHA256: 1ee151938a5acca2bee5536dd26766c4f3bca4518f1621c00347a2bfae3803d3
SHA512: 90181ba76bc654d5fc129124063d52a800af1a3f63e375e61670308a7a2e0dbf9f9543ca5264a26a26d4d35a955ae3ca5b56d635e08f5aaa6989d044cf308e07
SSDEEP: 49152:/SUl6vD5DxN6HHLJFwmDHYcY7tVQ2gSTv2BkQHz6oxoZhMoxy:/SSwD5DxkBZYZVQ2Pfw63iK

Static task: static1
Behavioral task: behavioral1
Sample: 1ee151938a5acca2bee5536dd26766c4f3bca4518f1621c00347a2bfae3803d3.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted:
risepro
147.45.47.93:58709
Targets
Target: 1ee151938a5acca2bee5536dd26766c4f3bca4518f1621c00347a2bfae3803d3
Size: 2.2MB
MD5: ffb773c78cf231db79e8cf8613577909
SHA1: add63ff666c2219816831a6e8b7371178d433647
SHA256: 1ee151938a5acca2bee5536dd26766c4f3bca4518f1621c00347a2bfae3803d3
SHA512: 90181ba76bc654d5fc129124063d52a800af1a3f63e375e61670308a7a2e0dbf9f9543ca5264a26a26d4d35a955ae3ca5b56d635e08f5aaa6989d044cf308e07
SSDEEP: 49152:/SUl6vD5DxN6HHLJFwmDHYcY7tVQ2gSTv2BkQHz6oxoZhMoxy:/SSwD5DxkBZYZVQ2Pfw63iK

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger