General
-
Target
6ebf03725f063220bdcb3b57d05058b673d2839714a4b0517273ec094b719e34
-
Size
2.3MB
-
Sample
240603-hsx33afe7w
-
MD5
e0423b1b452f5bbce47bd902a7d93bb4
-
SHA1
d4c6f34c0128139dbec91c79be92e76af0c1ca21
-
SHA256
6ebf03725f063220bdcb3b57d05058b673d2839714a4b0517273ec094b719e34
-
SHA512
7b922b2ee7f336cdedc782f9171d97c62cfdb8270054e7226cdaecdfad9d9a25daaf23adeed1ad4c21c1b8020b130c54ee194fe04fc5feedd366747ccb3b1ed8
-
SSDEEP
49152:nkmKhyq24kI3qebVaM6R/XyG37QsmWvXMaw6e4b5e3UNBU8:nkmKEqlkAbk3/XyGxLaAe3iB/
Static task
static1
Behavioral task
behavioral1
Sample
6ebf03725f063220bdcb3b57d05058b673d2839714a4b0517273ec094b719e34.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-