General
-
Target
0187401212dad9b8d57e846fe84ccf8c32ef105ed9d7a679d4b5edbf76624d04
-
Size
2.3MB
-
Sample
240525-g6svtshc51
-
MD5
45055e2a3c7e6b4a7ad7ca9df10aa0b5
-
SHA1
0cef253e20e38ebf777830b78a0a3df1ad5ef320
-
SHA256
0187401212dad9b8d57e846fe84ccf8c32ef105ed9d7a679d4b5edbf76624d04
-
SHA512
e996a13453ebbde6072a5ebc8b7cdc15b167e2e04bfcb07a2c9124610d27cbf615c958ab05884b433b3d0842eef7f25723194018157972fea56a0fe4befb8141
-
SSDEEP
49152:QkmKhyq24kI3qebVaw8WvbXY4odW1fwSW2Ff5cXcGZzN:QkmKEqlkAbkvWvbX4ifdff5cX9Z
Static task
static1
Behavioral task
behavioral1
Sample
0187401212dad9b8d57e846fe84ccf8c32ef105ed9d7a679d4b5edbf76624d04.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Target
0187401212dad9b8d57e846fe84ccf8c32ef105ed9d7a679d4b5edbf76624d04
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-