General
-
Target
d3ff5855e01984dc9aebbf8a714f1be9cba60ac125d5dceccd3388eabaeef55e
-
Size
2.2MB
-
Sample
240415-vcsvmabc47
-
MD5
3a8beecb00374caf63573fa955fc44b9
-
SHA1
7f19f2ef6aa502dd24766950e7bce0e2812e6885
-
SHA256
d3ff5855e01984dc9aebbf8a714f1be9cba60ac125d5dceccd3388eabaeef55e
-
SHA512
64a585e95268bce0afd281167b70f081a4de2d62c1110a0a7073de29ec224da3f145b2755d6f61060a86e43e2eba726cf8ed5ee28f3d99879f2dc270f7997b90
-
SSDEEP
49152:dSUl6vD5DxN6HHLJ9tKn7abRxZT3mj/2kUNkUnnf3iAgCSzjRj5l:dSSwD5DxkiyT3mr2UOvIzjR
Static task
static1
Behavioral task
behavioral1
Sample
d3ff5855e01984dc9aebbf8a714f1be9cba60ac125d5dceccd3388eabaeef55e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
d3ff5855e01984dc9aebbf8a714f1be9cba60ac125d5dceccd3388eabaeef55e
-
Size
2.2MB
-
MD5
3a8beecb00374caf63573fa955fc44b9
-
SHA1
7f19f2ef6aa502dd24766950e7bce0e2812e6885
-
SHA256
d3ff5855e01984dc9aebbf8a714f1be9cba60ac125d5dceccd3388eabaeef55e
-
SHA512
64a585e95268bce0afd281167b70f081a4de2d62c1110a0a7073de29ec224da3f145b2755d6f61060a86e43e2eba726cf8ed5ee28f3d99879f2dc270f7997b90
-
SSDEEP
49152:dSUl6vD5DxN6HHLJ9tKn7abRxZT3mj/2kUNkUnnf3iAgCSzjRj5l:dSSwD5DxkiyT3mr2UOvIzjR
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-