General
- Target: 5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3
- Size: 2.1MB
- Sample: 240415-q5g7daab4y
- MD5: 5e123c2bc2d04c0eab91f655b6b9b310
- SHA1: 7d7a51385ca8d3b2867c9678351d9729e8229bd2
- SHA256: 5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3
- SHA512: 065f5c5757d7ac055f313e38f022368a36a700d0a1f9e56ec87f034d34f1a54d8041e465a146bba696985130d5024b53250a352dc5b21a748be89cfaba9ef24e
- SSDEEP: 49152:4SUl6vD5DxN6HHLJFwTe5gw+HvL+D6isnuRtbgdeHKFSC8J:4SSwD5Dxk5+HvduRtsduH
Static task: static1
Behavioral task: behavioral1
- Sample: 5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted: risepro
- C2: 147.45.47.93:58709
Targets
- Target: 5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3
- Size: 2.1MB
- MD5: 5e123c2bc2d04c0eab91f655b6b9b310
- SHA1: 7d7a51385ca8d3b2867c9678351d9729e8229bd2
- SHA256: 5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3
- SHA512: 065f5c5757d7ac055f313e38f022368a36a700d0a1f9e56ec87f034d34f1a54d8041e465a146bba696985130d5024b53250a352dc5b21a748be89cfaba9ef24e
- SSDEEP: 49152:4SUl6vD5DxN6HHLJFwTe5gw+HvL+D6isnuRtbgdeHKFSC8J:4SSwD5Dxk5+HvduRtsduH
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger