General
Target: 94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e
Size: 2.3MB
Sample: 240527-f4dsfsae39
MD5: 274210f621f10e14510448245a60eca0
SHA1: b3e997b2e47c1d96917e6f4dac970b0965f56d7c
SHA256: 94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e
SHA512: 1eed982349be1810e352fc4848e8d35198bad2b2ab8679c44e2a77333b173e4a261e20c1a6673a9b63e8f75fc34f4f0c841ea8313fd057fbfa83aa9e246c6fe9
SSDEEP: 49152:2kmKhyq24kI3qebVaJq8etpbFKHRpyXUpJKTEh8A6:2kmKEqlkAbkJ1UpbFKx09G8
Static task: static1
Behavioral task: behavioral1
Sample: 94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger