General
-
Target
86b69c0940863c4432bf62be9ef8be173e09b374ce3297abd145a8159ccdea5a
-
Size
2.3MB
-
Sample
240526-dyre9adb5t
-
MD5
4b33b5ab5512fdc6af1e6cd034ec6c49
-
SHA1
75336131e759e6406df0eb041f3db55f771172de
-
SHA256
86b69c0940863c4432bf62be9ef8be173e09b374ce3297abd145a8159ccdea5a
-
SHA512
1fae97add24531f83c5a9fdc99fca17f9f18915ac71067aa18ec27f5658bf6ae29dc8bc01437cbfe0693ae6fceecb08f290f13ceb51b719212df385e64caf543
-
SSDEEP
49152:2kmKhyq24kI3qebVsyiHVkQDu/Fkks2cM82ukuDyj5e+zqA9:2kmKEqlkAbmjHVzNksHGu3m0+WA
Static task
static1
Behavioral task
behavioral1
Sample
86b69c0940863c4432bf62be9ef8be173e09b374ce3297abd145a8159ccdea5a.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Target
86b69c0940863c4432bf62be9ef8be173e09b374ce3297abd145a8159ccdea5a
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-