General
- Target: 000fc3d65c07478c3a6094e145e9201ed6c0f729157784db32cfb509c1763252
- Size: 2.2MB
- Sample: 240524-rrgt5ahd44
- MD5: 0a7cd88422115c55330f1054ee839d84
- SHA1: 89bbb30e9fd1abf21c689d5987fcb5427dbcc3d9
- SHA256: 000fc3d65c07478c3a6094e145e9201ed6c0f729157784db32cfb509c1763252
- SHA512: 67813d1477eac75076bb81ec0d61be8bb594ffda279983971a5592202e8a4a055ebcda352a06ad76f1dc1775b35f4a168c6e490cfd9302e0c282bb97fd660e6b
- SSDEEP: 49152:0kmKhyq24kI3qebVaeszG53p8nJUyctnKDfVJd2c:0kmKEqlkAbke4UZD3tnKDb
Static task
- static1

Behavioral task
- behavioral1
- Sample: 000fc3d65c07478c3a6094e145e9201ed6c0f729157784db32cfb509c1763252.exe
- Resource: win10v2004-20240426-en

Malware Config
Extracted
- Family: risepro
- C2: 147.45.47.126:58709
Targets
- Target: 000fc3d65c07478c3a6094e145e9201ed6c0f729157784db32cfb509c1763252 (2.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger; it is a common anti-debugging technique.