General
Target: e5daf6f39fafbb0d0e0d8ebe4fdcd3cf7d57c05b61dafd60341eb5367cb70354
Size: 2.3MB
Sample: 240603-e7w8jabe8z
MD5: 2d8da46d6febc5407f21470f76b95884
SHA1: b3876364f4fa640018bfc3186e46768ecec98a6d
SHA256: e5daf6f39fafbb0d0e0d8ebe4fdcd3cf7d57c05b61dafd60341eb5367cb70354
SHA512: 91e28a4755f41abe4210e42902d87d0bd91d53371a1b3fd55bb16c4890ab7457d976a6a402985c95f9c65785f9d0b7296b7b6f4502907523981789d6f45055a5
SSDEEP: 49152:xTLfoi4bhHuIcFpufdg4+cyIHKISYdU3GRa80oGi:XohOIcFpydYcrDO3G480oGi
Static task: static1
Behavioral task: behavioral1
Sample: e5daf6f39fafbb0d0e0d8ebe4fdcd3cf7d57c05b61dafd60341eb5367cb70354.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted family: risepro
Extracted C2 address: 147.45.47.126:58709
Targets
Target: e5daf6f39fafbb0d0e0d8ebe4fdcd3cf7d57c05b61dafd60341eb5367cb70354
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger