General
Target: 8eacc30aa27a2a17c9ada6190232fcd9f47bf2de2bca79bc41f90f918a089107
Size: 2.3MB
Sample: 240527-e19kaaga3v
MD5: d1c65b9f887141edcfbea73deafa5f4e
SHA1: dc1d884b9c66d2d2547256535215bd56fe3a5859
SHA256: 8eacc30aa27a2a17c9ada6190232fcd9f47bf2de2bca79bc41f90f918a089107
SHA512: c01339f8fc33d4142cfaab580bb535a73a4978aa241e0b563ec26eacb397022c8fa9d9152d5b1c7451a774187aeb2fe1a51f7db6fd3f1b8c36b9c5305fb9a269
SSDEEP: 49152:jkmKhyq24kI3qebVa5DpO+M8j6E8YCa9GuKczprb5zzqyDgaovipKb:jkmKEqlkAbk5ZTOCCa9rKcNvTDgbipKb
Static task: static1
Behavioral task: behavioral1
Sample: 8eacc30aa27a2a17c9ada6190232fcd9f47bf2de2bca79bc41f90f918a089107.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger