General
-
Target
e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082
-
Size
2.3MB
-
Sample
240603-gd8qksef87
-
MD5
0f75a21fff5bac74724b3f536923b959
-
SHA1
8dd45c302f00e87b1633ca30563b10b9d6a178a5
-
SHA256
e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082
-
SHA512
eeccf94d8fa90b0721599a59b120b1bda1eaff23e245d0de05c11aa7fd8762ddab10dc0958900975dd375c1d6ba1348be04fce5ec72d574da3cb9c11dab18221
-
SSDEEP
49152:hVtWEjENMYlI/gT8gy2lYeaAe07gHYhJVMBswLDI7hn8CCT9/Uo:9rENVlIs8g5+Ae07gHeuXYhYF
Static task
static1
Behavioral task
behavioral1
Sample
e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
Target
e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-