General
-
Target
5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c
-
Size
2.3MB
-
Sample
240603-279j7add86
-
MD5
e5f760c4d7fe439ee505d5aec6bceaca
-
SHA1
2dac4e5e1cef70c35309c7cf62b0e8cf830664e6
-
SHA256
5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c
-
SHA512
f11d5bfb5cd163d73a58c87866d36445b313b3dbb2bdb5392b4bf3863fa2aa54a29d67e074dbd1f0ffb3baeba75a2b57da406ede3234893ba022ce868c247abe
-
SSDEEP
49152:zkmKhyq24kI3qebVaSHGaGgcLWToEm5cURMvcD9tDHC51ucRVtCHUs:zkmKEqlkAbkOGPE1CWvcDXDQ1ucRVt6
Static task
static1
Behavioral task
behavioral1
Sample
5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c
-
Size
2.3MB
-
MD5
e5f760c4d7fe439ee505d5aec6bceaca
-
SHA1
2dac4e5e1cef70c35309c7cf62b0e8cf830664e6
-
SHA256
5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c
-
SHA512
f11d5bfb5cd163d73a58c87866d36445b313b3dbb2bdb5392b4bf3863fa2aa54a29d67e074dbd1f0ffb3baeba75a2b57da406ede3234893ba022ce868c247abe
-
SSDEEP
49152:zkmKhyq24kI3qebVaSHGaGgcLWToEm5cURMvcD9tDHC51ucRVtCHUs:zkmKEqlkAbkOGPE1CWvcDXDQ1ucRVt6
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-