General
-
Target
49d3af43d44b83c23c6cf8f07f8b0936ce9321a008b23fefe35e47e3a855830d.exe
-
Size
2.1MB
-
Sample
240415-bhbczsdc2v
-
MD5
2c84dcbf2cbec43a827f8dc664840adc
-
SHA1
ec89940fd0a276ef613f2df4dd37b1128918b895
-
SHA256
49d3af43d44b83c23c6cf8f07f8b0936ce9321a008b23fefe35e47e3a855830d
-
SHA512
2a90b18717bc6f2b684790de4113fcb2345ade2c03e0bbacb80473fc2e0dd5929fefe2908ad7d457edecc8fe385a667a2b3230e920f0899abcbc08663d825b2c
-
SSDEEP
49152:/SUl6vD5DxN6HHLJFw8ftyDFYdVClfjq/k3DVzlu/c:/SSwD5DxkveYdIl7qsJw/c
Static task
static1
Behavioral task
behavioral1
Sample
49d3af43d44b83c23c6cf8f07f8b0936ce9321a008b23fefe35e47e3a855830d.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
49d3af43d44b83c23c6cf8f07f8b0936ce9321a008b23fefe35e47e3a855830d.exe
-
Size
2.1MB
-
MD5
2c84dcbf2cbec43a827f8dc664840adc
-
SHA1
ec89940fd0a276ef613f2df4dd37b1128918b895
-
SHA256
49d3af43d44b83c23c6cf8f07f8b0936ce9321a008b23fefe35e47e3a855830d
-
SHA512
2a90b18717bc6f2b684790de4113fcb2345ade2c03e0bbacb80473fc2e0dd5929fefe2908ad7d457edecc8fe385a667a2b3230e920f0899abcbc08663d825b2c
-
SSDEEP
49152:/SUl6vD5DxN6HHLJFw8ftyDFYdVClfjq/k3DVzlu/c:/SSwD5DxkveYdIl7qsJw/c
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-