General
Target: 3037913d7d2b2adc8298499f24b3f5069c0d3ad4ed82b404185113faa70790b8
Size: 2.3MB
Sample: 240526-kbddfacc7y
MD5: 53935618d57886b1eebd94a7a7811989
SHA1: 3dff13b38128ce79d687e5cf1a8de506b8121bed
SHA256: 3037913d7d2b2adc8298499f24b3f5069c0d3ad4ed82b404185113faa70790b8
SHA512: cdbdf3040acc6070446306c8b49c0eb8235f31e39a31dd1e9e3d9d83a8afdc902aab940ed5675e2ed429eff2d9aeb1ffb3b054348291f6b5f0cda01dfca61690
SSDEEP: 49152:ekmKhyq24kI3qebVsVjC1QWPjF2Du2gsZeUbS/0Ili48aALKDV:ekmKEqlkAbmV+1/j84sZ/80f4AmDV
Static task: static1
Behavioral task: behavioral1
Sample: 3037913d7d2b2adc8298499f24b3f5069c0d3ad4ed82b404185113faa70790b8.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted (risepro): 147.45.47.126:58709
Targets
Target: 3037913d7d2b2adc8298499f24b3f5069c0d3ad4ed82b404185113faa70790b8
Size: 2.3MB
MD5: 53935618d57886b1eebd94a7a7811989
SHA1: 3dff13b38128ce79d687e5cf1a8de506b8121bed
SHA256: 3037913d7d2b2adc8298499f24b3f5069c0d3ad4ed82b404185113faa70790b8
SHA512: cdbdf3040acc6070446306c8b49c0eb8235f31e39a31dd1e9e3d9d83a8afdc902aab940ed5675e2ed429eff2d9aeb1ffb3b054348291f6b5f0cda01dfca61690
SSDEEP: 49152:ekmKhyq24kI3qebVsVjC1QWPjF2Du2gsZeUbS/0Ili48aALKDV:ekmKEqlkAbmV+1/j84sZ/80f4AmDV
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger