General
-
Target
fb023193f9101c93c3a171e62f14c82aa3bec49d26915bcb47f61c77387e8c53
-
Size
2.3MB
-
Sample
240603-haeh1afh94
-
MD5
1a365aa70e982c6ffc8f4d8ffae702f8
-
SHA1
5a6d4643e393702c560d25d1c55f46d9f90d66fa
-
SHA256
fb023193f9101c93c3a171e62f14c82aa3bec49d26915bcb47f61c77387e8c53
-
SHA512
854d26519051baa351790ed9520d38c9782aac5b65b2494053eb93bde9dc92e2635f226bf4167379ecb4de4716695c76d9e097c356cddba2e41ae8b182adc4c2
-
SSDEEP
49152:jRTmGKXKPkyCRRDVTOWST3T1C7CqKLt4vs1EOs41AzZJ+0:jQnK3kN0WSrRKwcs1b18Jx
Static task
static1
Behavioral task
behavioral1
Sample
fb023193f9101c93c3a171e62f14c82aa3bec49d26915bcb47f61c77387e8c53.exe
Resource
win7-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
fb023193f9101c93c3a171e62f14c82aa3bec49d26915bcb47f61c77387e8c53
-
Size
2.3MB
-
MD5
1a365aa70e982c6ffc8f4d8ffae702f8
-
SHA1
5a6d4643e393702c560d25d1c55f46d9f90d66fa
-
SHA256
fb023193f9101c93c3a171e62f14c82aa3bec49d26915bcb47f61c77387e8c53
-
SHA512
854d26519051baa351790ed9520d38c9782aac5b65b2494053eb93bde9dc92e2635f226bf4167379ecb4de4716695c76d9e097c356cddba2e41ae8b182adc4c2
-
SSDEEP
49152:jRTmGKXKPkyCRRDVTOWST3T1C7CqKLt4vs1EOs41AzZJ+0:jQnK3kN0WSrRKwcs1b18Jx
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-