General
-
Target
3e80e5c23a0ba1290293bf9936ca3b51583937acb38db1d53ee4521cd3807f65.exe
-
Size
2.2MB
-
Sample
240415-bgvp8sad87
-
MD5
b55fcd6754bba5d7a01a0d8cb89bf4bc
-
SHA1
9a6b93848baca5e5bf3ae6c92581f97d7fb4b87b
-
SHA256
3e80e5c23a0ba1290293bf9936ca3b51583937acb38db1d53ee4521cd3807f65
-
SHA512
bb9aa023c58efa51609eb275afbe240b79579ad46645fa31cfa2c86974ce373606c7166b016fb39c0d89f827e3e2fb9363e3047d30c4eacff526f80586cd4a26
-
SSDEEP
49152:YSUl6vD5DxN6HHLJFwHAbzSzRMweMpadUXSXBcwpA6Cfgf5ffHU5Z:YSSwD5DxkgAGtMweKSRFpAMtfHYZ
Static task
static1
Behavioral task
behavioral1
Sample
3e80e5c23a0ba1290293bf9936ca3b51583937acb38db1d53ee4521cd3807f65.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
3e80e5c23a0ba1290293bf9936ca3b51583937acb38db1d53ee4521cd3807f65.exe
-
Size
2.2MB
-
MD5
b55fcd6754bba5d7a01a0d8cb89bf4bc
-
SHA1
9a6b93848baca5e5bf3ae6c92581f97d7fb4b87b
-
SHA256
3e80e5c23a0ba1290293bf9936ca3b51583937acb38db1d53ee4521cd3807f65
-
SHA512
bb9aa023c58efa51609eb275afbe240b79579ad46645fa31cfa2c86974ce373606c7166b016fb39c0d89f827e3e2fb9363e3047d30c4eacff526f80586cd4a26
-
SSDEEP
49152:YSUl6vD5DxN6HHLJFwHAbzSzRMweMpadUXSXBcwpA6Cfgf5ffHU5Z:YSSwD5DxkgAGtMweKSRFpAMtfHYZ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-