General
-
Target
64a686d4acf558b94619651c9067f770908e90bf7e02b9f1200293c1895d4a5b
-
Size
2.3MB
-
Sample
240525-3vl4ssfa31
-
MD5
5b499fea9432cf2e323be6f9d6a9f026
-
SHA1
14652c0c2917a330382eae3ab17a72332c6ad438
-
SHA256
64a686d4acf558b94619651c9067f770908e90bf7e02b9f1200293c1895d4a5b
-
SHA512
58ed4efe6fdb752e6d11ac3a6ef345f56b27832502c94497cb1b942271a585120844690cd3422e3344c450e415c1ea974d44d1de9035e11de0ad780da0b144aa
-
SSDEEP
49152:3kmKhyq24kI3qebVsye+BqhJipMVvtKv0vNJtSA5z8QVPE8UVy3L:3kmKEqlkAbmzopkC0YUbH
Static task
static1
Behavioral task
behavioral1
Sample
64a686d4acf558b94619651c9067f770908e90bf7e02b9f1200293c1895d4a5b.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
64a686d4acf558b94619651c9067f770908e90bf7e02b9f1200293c1895d4a5b
-
Size
2.3MB
-
MD5
5b499fea9432cf2e323be6f9d6a9f026
-
SHA1
14652c0c2917a330382eae3ab17a72332c6ad438
-
SHA256
64a686d4acf558b94619651c9067f770908e90bf7e02b9f1200293c1895d4a5b
-
SHA512
58ed4efe6fdb752e6d11ac3a6ef345f56b27832502c94497cb1b942271a585120844690cd3422e3344c450e415c1ea974d44d1de9035e11de0ad780da0b144aa
-
SSDEEP
49152:3kmKhyq24kI3qebVsye+BqhJipMVvtKv0vNJtSA5z8QVPE8UVy3L:3kmKEqlkAbmzopkC0YUbH
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-