General
-
Target
fecb9c22d7dfb277a06c9782fbb74d050731c56f1ae8f7a615356e7997ebdff1
-
Size
2.3MB
-
Sample
240527-hlxtqacd62
-
MD5
6bc1cfa78dbe5e89e1683c608e072469
-
SHA1
df532e1ba11fce36b82def1a159d4cf79a072a39
-
SHA256
fecb9c22d7dfb277a06c9782fbb74d050731c56f1ae8f7a615356e7997ebdff1
-
SHA512
87d8529af89909b1c30124ad05569b1ccca47929da5cc0d3a1471ae6e33efdce53bd50135afb2fff269a438e41b4d0b9487275896906fa47881358e3d7432957
-
SSDEEP
49152:FbP6R85PqytbFB0jLBkdczhuiapRxUFQfvKm4fx9d4wVrppHC0u:Gu9X03BapnL0x3bVLC0u
Static task
static1
Behavioral task
behavioral1
Sample
fecb9c22d7dfb277a06c9782fbb74d050731c56f1ae8f7a615356e7997ebdff1.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
fecb9c22d7dfb277a06c9782fbb74d050731c56f1ae8f7a615356e7997ebdff1
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-