General
-
Target
45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20
-
Size
2.1MB
-
Sample
240415-xnvjpsde68
-
MD5
4f2dd0fb9561fe1fc90c92b1da92753c
-
SHA1
46a64c4177defbaabfca42f1ef63bb38897ed462
-
SHA256
45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20
-
SHA512
bfbe25494f88e81aa6e468ba9168b30ca418fe52617a99c17f6582f81ee4a3ee5fa02acac8a6bd7f8bd92f9406f6865388374728e42a9d518faf214833dd89a5
-
SSDEEP
49152:TSUl6vD5DxN6HHLJFw0z/A+47Im3lr8UyY17BUDRadHF:TSSwD5DxkXf4p3OU1aRadH
Static task
static1
Behavioral task
behavioral1
Sample
45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20
-
Size
2.1MB
-
MD5
4f2dd0fb9561fe1fc90c92b1da92753c
-
SHA1
46a64c4177defbaabfca42f1ef63bb38897ed462
-
SHA256
45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20
-
SHA512
bfbe25494f88e81aa6e468ba9168b30ca418fe52617a99c17f6582f81ee4a3ee5fa02acac8a6bd7f8bd92f9406f6865388374728e42a9d518faf214833dd89a5
-
SSDEEP
49152:TSUl6vD5DxN6HHLJFw0z/A+47Im3lr8UyY17BUDRadHF:TSSwD5DxkXf4p3OU1aRadH
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-