General
Target: c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7
Size: 2.2MB
Sample: 240415-hmpvhabe7s
MD5: fc4c1a9c7a71d75085af4407cbf24cdc
SHA1: cbb930a5c7fb5af47037611298acefab156f749f
SHA256: c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7
SHA512: 308d7f62ca3cec26b633bf5264092fb218d9524f4d2b7b69315d5af20a953b4800338871ce738629ffa1c216862c8fd96ff15f51274e92e8dead5347e37e8cb1
SSDEEP: 49152:vSUl6vD5DxN6HHLJ9tcLQkdJAC0KlaWXDANOyxZzu0LAl:vSSwD5DxkZkoC0+aQkfcl

Static task: static1
Behavioral task: behavioral1
Sample: c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7.exe
Resource: win10v2004-20240412-en

Malware Config
Extracted: risepro
147.45.47.93:58709
Targets
Target: c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7 (2.2MB; hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger