General
-
Target
7c0efbb281a5c36d64f6d255a1d02521dd91e5fd3df60cdf6c6e9adac43bbb77
-
Size
2.4MB
-
Sample
240527-e18mzsha82
-
MD5
4b3a97c7c87a0534a6794f3e37f5515e
-
SHA1
bb9e72e29a872714996427b2eb169b89d8837118
-
SHA256
7c0efbb281a5c36d64f6d255a1d02521dd91e5fd3df60cdf6c6e9adac43bbb77
-
SHA512
53d633d008917b24b84e9a7f9749979adb080b3015d1465d01814cd9ccd8b261eaf59f3fd62ecc8b418674f5afb1e5d826125108f52dbc3ac9ff994cc06adecf
-
SSDEEP
49152:N6o8rzN607ECD0MvXkeAdPBv1QsZ8i7R+5SI5PcOLW:N6h1nDd0eAZBdw5Pcb
Static task
static1
Behavioral task
behavioral1
Sample
7c0efbb281a5c36d64f6d255a1d02521dd91e5fd3df60cdf6c6e9adac43bbb77.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
7c0efbb281a5c36d64f6d255a1d02521dd91e5fd3df60cdf6c6e9adac43bbb77
-
Size
2.4MB
-
MD5
4b3a97c7c87a0534a6794f3e37f5515e
-
SHA1
bb9e72e29a872714996427b2eb169b89d8837118
-
SHA256
7c0efbb281a5c36d64f6d255a1d02521dd91e5fd3df60cdf6c6e9adac43bbb77
-
SHA512
53d633d008917b24b84e9a7f9749979adb080b3015d1465d01814cd9ccd8b261eaf59f3fd62ecc8b418674f5afb1e5d826125108f52dbc3ac9ff994cc06adecf
-
SSDEEP
49152:N6o8rzN607ECD0MvXkeAdPBv1QsZ8i7R+5SI5PcOLW:N6h1nDd0eAZBdw5Pcb
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-