General
-
Target
ece492d03fcad448b12a51e2c0fc60504c2559dc920b79d5b6acd79fde1373bf
-
Size
2.3MB
-
Sample
240526-1wnmxade5z
-
MD5
5d3c909b7253e635da96f476486b2207
-
SHA1
15fd1b68ff0ac0f2ec1bf69c571a4d4bd79db597
-
SHA256
ece492d03fcad448b12a51e2c0fc60504c2559dc920b79d5b6acd79fde1373bf
-
SHA512
9eb379d69c0153e819d2bee9b685e10e54ac9924da93920dc4834b88e76a74ff864bb3b207f6cc3ac5aa49a52a640636b78da5eb163c544f8b4e9c21eed03a64
-
SSDEEP
49152:VDQKTj6Vt94FeLnyv4DyZoGsEDHAZ88bRoU/lV+GHpFbaZmMB+g:VDQs2GVfXbATRoU/lV3zbaZnB+
Static task
static1
Behavioral task
behavioral1
Sample
ece492d03fcad448b12a51e2c0fc60504c2559dc920b79d5b6acd79fde1373bf.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
ece492d03fcad448b12a51e2c0fc60504c2559dc920b79d5b6acd79fde1373bf.exe
Resource
win11-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
ece492d03fcad448b12a51e2c0fc60504c2559dc920b79d5b6acd79fde1373bf
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-