General
-
Target
2059c751a75fdd4402859a5e2eb4496e8009357e29ac0a21e19f2f1941cab43f
-
Size
2.3MB
-
Sample
240527-hlzy3scd65
-
MD5
1a574f74669cf4a271e65c7fd90eaa9c
-
SHA1
27af6808fe1007468cd9eb92b6236cca9a905844
-
SHA256
2059c751a75fdd4402859a5e2eb4496e8009357e29ac0a21e19f2f1941cab43f
-
SHA512
cd6da2ab926be7b713534953ff2c9623dd73ae2bb9c355b0c16c9cc3f917f5b243a661842e71ed21944144ab6b1b13d0f46860c3e243a7097ff7424f3b2454ee
-
SSDEEP
49152:okmKhyq24kI3qebVaVDyU55FyVSfxxyyPYQY+oCK:okmKEqlkAbkNwS/35Y+7K
Static task
static1
Behavioral task
behavioral1
Sample
2059c751a75fdd4402859a5e2eb4496e8009357e29ac0a21e19f2f1941cab43f.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
2059c751a75fdd4402859a5e2eb4496e8009357e29ac0a21e19f2f1941cab43f
-
Size
2.3MB
-
MD5
1a574f74669cf4a271e65c7fd90eaa9c
-
SHA1
27af6808fe1007468cd9eb92b6236cca9a905844
-
SHA256
2059c751a75fdd4402859a5e2eb4496e8009357e29ac0a21e19f2f1941cab43f
-
SHA512
cd6da2ab926be7b713534953ff2c9623dd73ae2bb9c355b0c16c9cc3f917f5b243a661842e71ed21944144ab6b1b13d0f46860c3e243a7097ff7424f3b2454ee
-
SSDEEP
49152:okmKhyq24kI3qebVaVDyU55FyVSfxxyyPYQY+oCK:okmKEqlkAbkNwS/35Y+7K
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-