General
-
Target
3e33f9cf193d5ccbfa4d70533e56d351ec0a6527e427139371e9b489d1a55e1b
-
Size
2.2MB
-
Sample
240526-w2v7qafd5s
-
MD5
af0672934919aabf6094194717381faf
-
SHA1
23ecd18ff65e3d3ee6716f677220a107153dfe61
-
SHA256
3e33f9cf193d5ccbfa4d70533e56d351ec0a6527e427139371e9b489d1a55e1b
-
SHA512
bb2953c243ffa4c0813147c8851ebde1637f95ba77cb547059f63da044f503e4891c383741ce2b8cb06b50fcf6be8cc7f974e4342987f6eb03168a90d290a480
-
SSDEEP
49152:VkmKhyq24kI3qebVsw2un7lQOtxgq294LLeFxW5DTKAvE0iOqd9vUTN0md:VkmKEqlkAbmpM7uzq2KfeX6DuOFTxd
Static task
static1
Behavioral task
behavioral1
Sample
3e33f9cf193d5ccbfa4d70533e56d351ec0a6527e427139371e9b489d1a55e1b.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
3e33f9cf193d5ccbfa4d70533e56d351ec0a6527e427139371e9b489d1a55e1b
-
Size
2.2MB
-
MD5
af0672934919aabf6094194717381faf
-
SHA1
23ecd18ff65e3d3ee6716f677220a107153dfe61
-
SHA256
3e33f9cf193d5ccbfa4d70533e56d351ec0a6527e427139371e9b489d1a55e1b
-
SHA512
bb2953c243ffa4c0813147c8851ebde1637f95ba77cb547059f63da044f503e4891c383741ce2b8cb06b50fcf6be8cc7f974e4342987f6eb03168a90d290a480
-
SSDEEP
49152:VkmKhyq24kI3qebVsw2un7lQOtxgq294LLeFxW5DTKAvE0iOqd9vUTN0md:VkmKEqlkAbmpM7uzq2KfeX6DuOFTxd
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-