General
-
Target
c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408
-
Size
2.2MB
-
Sample
240526-hsqc8abf62
-
MD5
0598b8d859d966cfbd8d965d90cb34fd
-
SHA1
ad2386eefb45fbd223620a44e4e7802d1dfafb2d
-
SHA256
c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408
-
SHA512
bdefcf57ae2b262ab50a79fc9f3b84a0ea725fc7142a32ea85530729b394bded66298206f44b6ace671f993fcb861b4efb595c0334f10ee554acbe6f423a836f
-
SSDEEP
49152:XkmKhyq24kI3qebVa30qdmiC4MPSefX+:XkmKEqlkAbk3kPSeP
Static task
static1
Behavioral task
behavioral1
Sample
c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-