General
Target: 6314b6ba82bd2bd84c2a2a443b5502134b2b1c49b481b5e09c6f52964f85ab2c
Size: 2.3MB
Sample: 240526-n6hhesae3w
MD5: 7702ccc5c36019e774c66f9b77126837
SHA1: c834e44de58778bcc574d5e268ffba4f8e600983
SHA256: 6314b6ba82bd2bd84c2a2a443b5502134b2b1c49b481b5e09c6f52964f85ab2c
SHA512: 25a53229cb1ecec408e0b53808980adf59be5aeaf6f93ac13d983aa39e18097795e88b48bb93f1cf0d1245740e7541d5ebe7372e6bf02cfd7ec04268f7f5a039
SSDEEP: 49152:WkmKhyq24kI3qebVsO0OpHaz6rm6c9bby88iDqVcB:WkmKEqlkAbmO0yH2J6cpeoOS
Static task: static1
Behavioral task: behavioral1
Sample: 6314b6ba82bd2bd84c2a2a443b5502134b2b1c49b481b5e09c6f52964f85ab2c.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Target: 6314b6ba82bd2bd84c2a2a443b5502134b2b1c49b481b5e09c6f52964f85ab2c
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger