General
-
Target
5af0624ecc27ee4bfcb19a2772a0539cb8bf6cfb5fe408713389b423cfb0c0b7.exe
-
Size
2.2MB
-
Sample
240415-bjvg9aae82
-
MD5
87d4d6cc1273a1e3197fe6546153696f
-
SHA1
213cc6963aa8ba274bed890b3727ed7b1dccf25d
-
SHA256
5af0624ecc27ee4bfcb19a2772a0539cb8bf6cfb5fe408713389b423cfb0c0b7
-
SHA512
76f7ebffd51bdb82da7d990c0d43d0fda04efbb888c5c01e8b7b4dd9eedf1dd7d1b41e75f156168d529ac7d80dd2497e16d4ee1b761c5a95de811dac718864a3
-
SSDEEP
49152:tSUl6vD5DxN6HHLJ9tjn772hg95rB0HzM7qTwTHj/Gof4C:tSSwD5DxkZug95azMqTw//G
Static task
static1
Behavioral task
behavioral1
Sample
5af0624ecc27ee4bfcb19a2772a0539cb8bf6cfb5fe408713389b423cfb0c0b7.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
5af0624ecc27ee4bfcb19a2772a0539cb8bf6cfb5fe408713389b423cfb0c0b7.exe
-
Size
2.2MB
-
MD5
87d4d6cc1273a1e3197fe6546153696f
-
SHA1
213cc6963aa8ba274bed890b3727ed7b1dccf25d
-
SHA256
5af0624ecc27ee4bfcb19a2772a0539cb8bf6cfb5fe408713389b423cfb0c0b7
-
SHA512
76f7ebffd51bdb82da7d990c0d43d0fda04efbb888c5c01e8b7b4dd9eedf1dd7d1b41e75f156168d529ac7d80dd2497e16d4ee1b761c5a95de811dac718864a3
-
SSDEEP
49152:tSUl6vD5DxN6HHLJ9tjn772hg95rB0HzM7qTwTHj/Gof4C:tSSwD5DxkZug95azMqTw//G
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-