General
-
Target
c5e09b4799672c53f35701084ef554f8f4cccb84b4a900108d6517d5db42ed93
-
Size
2.4MB
-
Sample
240527-ldlm9sga33
-
MD5
3f61d8867c726bd34057d470a2902463
-
SHA1
00bb68a770d48f4b48b96c60c7508e95eb6240ce
-
SHA256
c5e09b4799672c53f35701084ef554f8f4cccb84b4a900108d6517d5db42ed93
-
SHA512
f6cbb139ae50f32d77efe1551008c69ac07984ea3a86d76a558b614960343c6478f75a7b97e12d01eb10c5ea5e9fb5607fa06f8cf9d77f6ba956e69261936c83
-
SSDEEP
49152:4pNYJs5CU8FdoRJbjugkRhYQ5z0Yg9yxFkhacKqE:T6v8IJnSYQ10Y5kMm
Static task
static1
Behavioral task
behavioral1
Sample
c5e09b4799672c53f35701084ef554f8f4cccb84b4a900108d6517d5db42ed93.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
Target
c5e09b4799672c53f35701084ef554f8f4cccb84b4a900108d6517d5db42ed93
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-