General
-
Target
def6f335aebc522eafb004b5067813fe2a6e11bd679eaf587e0ea52ebf68b75c
-
Size
2.2MB
-
Sample
240415-pllvsaec92
-
MD5
d339871d6fc59aca82e6487afe0c57b9
-
SHA1
bafa2b0f3901708f07e1363b05117d7a64a71412
-
SHA256
def6f335aebc522eafb004b5067813fe2a6e11bd679eaf587e0ea52ebf68b75c
-
SHA512
af47ad6bf2c80ae4705a55018b2e6a01ebe407f4045fd157c9ffbd8181c8e0fb996911fc4bf2f7d16880cc5f8b2078922a5e1019d189ca58bff808e203db7cd0
-
SSDEEP
49152:oSUl6vD5DxN6HHLJFwkn84OUHlEWXYjJViOHomI+TJtLRz6:oSSwD5DxkRnhBHlEWXlYiym
Static task
static1
Behavioral task
behavioral1
Sample
def6f335aebc522eafb004b5067813fe2a6e11bd679eaf587e0ea52ebf68b75c.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
def6f335aebc522eafb004b5067813fe2a6e11bd679eaf587e0ea52ebf68b75c
-
Size
2.2MB
-
MD5
d339871d6fc59aca82e6487afe0c57b9
-
SHA1
bafa2b0f3901708f07e1363b05117d7a64a71412
-
SHA256
def6f335aebc522eafb004b5067813fe2a6e11bd679eaf587e0ea52ebf68b75c
-
SHA512
af47ad6bf2c80ae4705a55018b2e6a01ebe407f4045fd157c9ffbd8181c8e0fb996911fc4bf2f7d16880cc5f8b2078922a5e1019d189ca58bff808e203db7cd0
-
SSDEEP
49152:oSUl6vD5DxN6HHLJFwkn84OUHlEWXYjJViOHomI+TJtLRz6:oSSwD5DxkRnhBHlEWXlYiym
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-