General
Target: 398ef8b6a7a7b40f1fb8046ece0c4ae1113933db680e9680110b3f059e409563
Size: 2.2MB
Sample: 240415-xnw3jade69
MD5: 546932192c8e3e3e4843fb7d54000ced
SHA1: 7fe0f71dd26ef86034b2a3c6b995f10d1b85c4c7
SHA256: 398ef8b6a7a7b40f1fb8046ece0c4ae1113933db680e9680110b3f059e409563
SHA512: 6fbe410c96b18cf52d851aff3bef5ab3173a7cf3a686f3df1cdd704e322186b8802718c702a1655774d978699ee50c517344cfd3f917695f3dcbdfb438c532ec
SSDEEP: 49152:YSUl6vD5DxN6HHLJ9t8EYpjDo5tolubtI54itKg2ivPlHya:YSSwD5DxkH63ofoldpd
Static task: static1
Behavioral task: behavioral1
Sample: 398ef8b6a7a7b40f1fb8046ece0c4ae1113933db680e9680110b3f059e409563.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger