General
-
Target
611eca1558b7c1a2c66cf6e27e17eb4d83ffc4b6c24d4b90c2b7b1aed8c3fafc
-
Size
2.2MB
-
Sample
240414-y7vt9aff5y
-
MD5
75a3bd9697bbf40c3d1af48e80345c95
-
SHA1
b934f824a5d24c524a23cd633e8837fad21eb423
-
SHA256
611eca1558b7c1a2c66cf6e27e17eb4d83ffc4b6c24d4b90c2b7b1aed8c3fafc
-
SHA512
c3151697c09c5156290d3e17048cfb45bba2df8e57713df56a9bdbcab1a8c868b4bae364931e9d85012e32d64da9b7e4208427030583fe43ddd8e3e34992cebb
-
SSDEEP
49152:BSUl6vD5DxN6HHLJ9t8dN1f0d7Gdw1DN6ag2Tq9tCToKLuEsXGeKY1U:BSSwD5DxkwN1MIw/XpKtKzLuEzY6
Static task
static1
Behavioral task
behavioral1
Sample
611eca1558b7c1a2c66cf6e27e17eb4d83ffc4b6c24d4b90c2b7b1aed8c3fafc.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
611eca1558b7c1a2c66cf6e27e17eb4d83ffc4b6c24d4b90c2b7b1aed8c3fafc.exe
Resource
win11-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
611eca1558b7c1a2c66cf6e27e17eb4d83ffc4b6c24d4b90c2b7b1aed8c3fafc
-
Size
2.2MB
-
MD5
75a3bd9697bbf40c3d1af48e80345c95
-
SHA1
b934f824a5d24c524a23cd633e8837fad21eb423
-
SHA256
611eca1558b7c1a2c66cf6e27e17eb4d83ffc4b6c24d4b90c2b7b1aed8c3fafc
-
SHA512
c3151697c09c5156290d3e17048cfb45bba2df8e57713df56a9bdbcab1a8c868b4bae364931e9d85012e32d64da9b7e4208427030583fe43ddd8e3e34992cebb
-
SSDEEP
49152:BSUl6vD5DxN6HHLJ9t8dN1f0d7Gdw1DN6ag2Tq9tCToKLuEsXGeKY1U:BSSwD5DxkwN1MIw/XpKtKzLuEzY6
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-