General
-
Target
a8b8b16ec14e23ea9fc33e045f0ed49831ae732c99dfa68fe7062ba440acf6a6
-
Size
2.3MB
-
Sample
240526-zml72sbf6x
-
MD5
4f49a726452188045122acc1d5087af8
-
SHA1
9804befb3dd8d3961c09093e357bfe2da20f6a50
-
SHA256
a8b8b16ec14e23ea9fc33e045f0ed49831ae732c99dfa68fe7062ba440acf6a6
-
SHA512
1864a341868514ad6800f55a915a68146c8660f5245e919d8416339997dcd0e017eb35cea3b00852fd0bea79bf883c135d99e8cdd678153b4c2b821f0689697d
-
SSDEEP
49152:9kmKhyq24kI3qebVsy9xLKYcL4k6Hm/q8vyPfhiPxtLRw:9kmKEqlkAbmyCYcJwJfgPnC
Static task
static1
Behavioral task
behavioral1
Sample
a8b8b16ec14e23ea9fc33e045f0ed49831ae732c99dfa68fe7062ba440acf6a6.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
a8b8b16ec14e23ea9fc33e045f0ed49831ae732c99dfa68fe7062ba440acf6a6.exe
Resource
win11-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
a8b8b16ec14e23ea9fc33e045f0ed49831ae732c99dfa68fe7062ba440acf6a6
-
Size
2.3MB
-
MD5
4f49a726452188045122acc1d5087af8
-
SHA1
9804befb3dd8d3961c09093e357bfe2da20f6a50
-
SHA256
a8b8b16ec14e23ea9fc33e045f0ed49831ae732c99dfa68fe7062ba440acf6a6
-
SHA512
1864a341868514ad6800f55a915a68146c8660f5245e919d8416339997dcd0e017eb35cea3b00852fd0bea79bf883c135d99e8cdd678153b4c2b821f0689697d
-
SSDEEP
49152:9kmKhyq24kI3qebVsy9xLKYcL4k6Hm/q8vyPfhiPxtLRw:9kmKEqlkAbmyCYcJwJfgPnC
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-