General
-
Target
37e2ac91cfb3034aee49133ece2cd93bbca4a7899cf5bc4998554fab777f1386
-
Size
2.3MB
-
Sample
240524-zca22aae56
-
MD5
069c35fabca33a57d307711c4254ca93
-
SHA1
a4f0fb3de3fb54cc657baec16fb66f553cfd1ac3
-
SHA256
37e2ac91cfb3034aee49133ece2cd93bbca4a7899cf5bc4998554fab777f1386
-
SHA512
0ad6f29403ddf155f6b8cbab5597a093cb57b3b87ab0207c888ad1215f6669cc1d814cf844615927ac8d700585d5e3061a367fadbd7a0473ad8a9baa9160a828
-
SSDEEP
49152:skmKhyq24kI3qebVa9Y0sRqRXiBUGcA/Q/sJpOcNPrWovyI9APLwo8j3WHJ2:skmKEqlkAbk9YTRAcP/Q/sWq73Ahrp2
Static task
static1
Behavioral task
behavioral1
Sample
37e2ac91cfb3034aee49133ece2cd93bbca4a7899cf5bc4998554fab777f1386.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
37e2ac91cfb3034aee49133ece2cd93bbca4a7899cf5bc4998554fab777f1386
-
Size
2.3MB
-
MD5
069c35fabca33a57d307711c4254ca93
-
SHA1
a4f0fb3de3fb54cc657baec16fb66f553cfd1ac3
-
SHA256
37e2ac91cfb3034aee49133ece2cd93bbca4a7899cf5bc4998554fab777f1386
-
SHA512
0ad6f29403ddf155f6b8cbab5597a093cb57b3b87ab0207c888ad1215f6669cc1d814cf844615927ac8d700585d5e3061a367fadbd7a0473ad8a9baa9160a828
-
SSDEEP
49152:skmKhyq24kI3qebVa9Y0sRqRXiBUGcA/Q/sJpOcNPrWovyI9APLwo8j3WHJ2:skmKEqlkAbk9YTRAcP/Q/sWq73Ahrp2
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-