General
-
Target
77034b002ec9d650ee9bb3f2f27564987e3e2e15d14edb1e699660b3baaae736
-
Size
2.4MB
-
Sample
240603-gbe1gsee86
-
MD5
7165b2b6dd81ec8561337a47944ef8be
-
SHA1
7e37147e5b56a31b5f70c711b4fbeb3b33f34905
-
SHA256
77034b002ec9d650ee9bb3f2f27564987e3e2e15d14edb1e699660b3baaae736
-
SHA512
f6e2b16c08088b7f468b045b217d771334c285e9e7a0236a2e1315fdaed5dfa452cbcb851572a7a0470f7e2de9790234fcf7380a79230df9bd3a83757734f660
-
SSDEEP
49152:RKbFNEjV1HiN+8+rFQZWy3X2V61r0qR5DALTcx7rk:RE/Ex1CN+NpF0XZ5DD2ork
Static task
static1
Behavioral task
behavioral1
Sample
77034b002ec9d650ee9bb3f2f27564987e3e2e15d14edb1e699660b3baaae736.exe
Resource
win7-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
77034b002ec9d650ee9bb3f2f27564987e3e2e15d14edb1e699660b3baaae736
-
Size
2.4MB
-
MD5
7165b2b6dd81ec8561337a47944ef8be
-
SHA1
7e37147e5b56a31b5f70c711b4fbeb3b33f34905
-
SHA256
77034b002ec9d650ee9bb3f2f27564987e3e2e15d14edb1e699660b3baaae736
-
SHA512
f6e2b16c08088b7f468b045b217d771334c285e9e7a0236a2e1315fdaed5dfa452cbcb851572a7a0470f7e2de9790234fcf7380a79230df9bd3a83757734f660
-
SSDEEP
49152:RKbFNEjV1HiN+8+rFQZWy3X2V61r0qR5DALTcx7rk:RE/Ex1CN+NpF0XZ5DD2ork
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-