General
-
Target
ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e
-
Size
2.2MB
-
Sample
240415-q5agjaab31
-
MD5
1f2937b9edd71534942682b3305f0a32
-
SHA1
9e70078519f0f3132ffefbc5d58ea0da202bc375
-
SHA256
ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e
-
SHA512
ca39f160bedb51b0b5fcfde729d4a663590145ccb98749e0f132b7a8e8fecc0e3c96bd434acdcfcd841430298ec00ed884a3e23b649318e5b32d75880d924363
-
SSDEEP
49152:zSUl6vD5DxN6HHLJ9tKacnUhioOPmeFLNOSG6ANuBM1nrJU/x684ahd2bs7sE3IH:zSSwD5Dxk0asU+mCFG6FBgS/xGaWs7V4
Static task
static1
Behavioral task
behavioral1
Sample
ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e
-
Size
2.2MB
-
MD5
1f2937b9edd71534942682b3305f0a32
-
SHA1
9e70078519f0f3132ffefbc5d58ea0da202bc375
-
SHA256
ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e
-
SHA512
ca39f160bedb51b0b5fcfde729d4a663590145ccb98749e0f132b7a8e8fecc0e3c96bd434acdcfcd841430298ec00ed884a3e23b649318e5b32d75880d924363
-
SSDEEP
49152:zSUl6vD5DxN6HHLJ9tKacnUhioOPmeFLNOSG6ANuBM1nrJU/x684ahd2bs7sE3IH:zSSwD5Dxk0asU+mCFG6FBgS/xGaWs7V4
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-