General
-
Target
20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a.exe
-
Size
2.1MB
-
Sample
240415-beqy9sad25
-
MD5
81713557ea8d0af915183a948912d141
-
SHA1
a8bb761c5eeb489f723eaed913c4f249e09ee466
-
SHA256
20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a
-
SHA512
c5ec019dc7fc44c375597d1c728cf3067471c1551a8cdca2298f7823191e9f193e8c3fb531bea4c8643077ad66427c60b0857c2785f5ef756b547e99b5db818d
-
SSDEEP
49152:JSUl6vD5DxN6HHLJFwMh90uMu2zRbqf1aAzhN4JK0sHncU011Q:JSSwD5Dxk5eQmK0mm11
Static task
static1
Behavioral task
behavioral1
Sample
20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a.exe
Resource
win7-20231129-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a.exe
-
Size
2.1MB
-
MD5
81713557ea8d0af915183a948912d141
-
SHA1
a8bb761c5eeb489f723eaed913c4f249e09ee466
-
SHA256
20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a
-
SHA512
c5ec019dc7fc44c375597d1c728cf3067471c1551a8cdca2298f7823191e9f193e8c3fb531bea4c8643077ad66427c60b0857c2785f5ef756b547e99b5db818d
-
SSDEEP
49152:JSUl6vD5DxN6HHLJFwMh90uMu2zRbqf1aAzhN4JK0sHncU011Q:JSSwD5Dxk5eQmK0mm11
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-