General
Target: 5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92.exe
Size: 2.2MB
Sample: 240415-bjxydadc6y
MD5: ae4a0b8242ec37581fa326da6db5fff0
SHA1: 97a1c0b57bd8388b225011a5184f75a987ca166d
SHA256: 5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92
SHA512: 653332d7decb1809806302de9157af84a69fc94828e5b1b847e2d8bb13df967d3429338388122c65efcc41ad5cb190c27264dc81b86fde08b668dc706de0fa99
SSDEEP: 49152:YSUl6vD5DxN6HHLJ9tomDSnExghWNvEGDc8FtPGMyEh/rrwor9bJxHYn:YSSwD5DxkiHEqeX7tu7EpoeJxE
Static task: static1
Behavioral task: behavioral1
Sample: 5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92.exe
Resource: win7-20240221-en

Malware Config
Extracted: risepro
C2: 147.45.47.93:58709
Targets
Target: 5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger