General
-
Target
ccbb2be679b26690df20ee8263289721ab68dc71f3741b77a1f0f6e64e5ff305
-
Size
2.3MB
-
Sample
240603-glesgadh2z
-
MD5
9eed217f99bcb8f81ae7d78eed50c829
-
SHA1
71f1bf35d964003d63aa6a04e0490f1e1705d8ae
-
SHA256
ccbb2be679b26690df20ee8263289721ab68dc71f3741b77a1f0f6e64e5ff305
-
SHA512
2f101aa262a87116901f601148cc04cc27f6356e562cabf82c34b2d14f5baa63b2c9c16b445ed502f0a80b6d230aff1422901c8f3ccc8252ea7fa2de89630f98
-
SSDEEP
49152:ikmKhyq24kI3qebVaReoxGHxNXBCFvhp8skWSC/Llu2jZIY:ikmKEqlkAbkRnGHxemC/Llu2j5
Static task
static1
Behavioral task
behavioral1
Sample
ccbb2be679b26690df20ee8263289721ab68dc71f3741b77a1f0f6e64e5ff305.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
ccbb2be679b26690df20ee8263289721ab68dc71f3741b77a1f0f6e64e5ff305
-
Size
2.3MB
-
MD5
9eed217f99bcb8f81ae7d78eed50c829
-
SHA1
71f1bf35d964003d63aa6a04e0490f1e1705d8ae
-
SHA256
ccbb2be679b26690df20ee8263289721ab68dc71f3741b77a1f0f6e64e5ff305
-
SHA512
2f101aa262a87116901f601148cc04cc27f6356e562cabf82c34b2d14f5baa63b2c9c16b445ed502f0a80b6d230aff1422901c8f3ccc8252ea7fa2de89630f98
-
SSDEEP
49152:ikmKhyq24kI3qebVaReoxGHxNXBCFvhp8skWSC/Llu2jZIY:ikmKEqlkAbkRnGHxemC/Llu2j5
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-