General
-
Target
b00b9d2cfb207eaf54ecb78bfb55c89c29620644d14693d914dd11bb19c76195
-
Size
2.3MB
-
Sample
240604-acyqnaea6z
-
MD5
d3c0b530c9edfd0415b61ec79aeba1a4
-
SHA1
5a6a13dca4d63453949054f9c188a5578e5b45a5
-
SHA256
b00b9d2cfb207eaf54ecb78bfb55c89c29620644d14693d914dd11bb19c76195
-
SHA512
eadc346d8811b626aba61cc76d9951f9b63886535d6b54f284c765669bae82129606a8b9a3ee06e63cccb6bf1662e7cd095fb0abad05121efc6c028b0f7827cf
-
SSDEEP
49152:sumXkjioimnvfTg0glaOyKgBki/nkL/6cLdmfmhcyYO/oW0mNx60o0rP:NvjibmnT8tyKqDvDcLdmfmhcyRwONjd7
Static task
static1
Behavioral task
behavioral1
Sample
b00b9d2cfb207eaf54ecb78bfb55c89c29620644d14693d914dd11bb19c76195.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
Target
b00b9d2cfb207eaf54ecb78bfb55c89c29620644d14693d914dd11bb19c76195
-
Size
2.3MB
-
MD5
d3c0b530c9edfd0415b61ec79aeba1a4
-
SHA1
5a6a13dca4d63453949054f9c188a5578e5b45a5
-
SHA256
b00b9d2cfb207eaf54ecb78bfb55c89c29620644d14693d914dd11bb19c76195
-
SHA512
eadc346d8811b626aba61cc76d9951f9b63886535d6b54f284c765669bae82129606a8b9a3ee06e63cccb6bf1662e7cd095fb0abad05121efc6c028b0f7827cf
-
SSDEEP
49152:sumXkjioimnvfTg0glaOyKgBki/nkL/6cLdmfmhcyYO/oW0mNx60o0rP:NvjibmnT8tyKqDvDcLdmfmhcyRwONjd7
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-