General
-
Target
304b590ece29244d1d4cda37a73c35e0f3c4629b3c844b89e6ed6d1e1e0b24ab
-
Size
2.3MB
-
Sample
240604-bpqfgsgh72
-
MD5
526849db0500cbbb41472f18a19c43f3
-
SHA1
d31cfd6cbfa4409372944d60b0659389cfe0e2b5
-
SHA256
304b590ece29244d1d4cda37a73c35e0f3c4629b3c844b89e6ed6d1e1e0b24ab
-
SHA512
abd7a81b4578e544654f7d4ffc7eed4bf5daf261d9fd8629183fbfdde06ad6e6703196f0f79e31affe5516e02bc820f939c0736d070a49294784ac57de15f79e
-
SSDEEP
49152:1NUR7ekYqXjn1fBI+sY1wamh/3l6TyTu1dRkADa3Ky/Dkig1MWcxzv07JI:odeqTn1bt1e93lg2u14A23f/FgExb07J
Static task
static1
Behavioral task
behavioral1
Sample
304b590ece29244d1d4cda37a73c35e0f3c4629b3c844b89e6ed6d1e1e0b24ab.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
304b590ece29244d1d4cda37a73c35e0f3c4629b3c844b89e6ed6d1e1e0b24ab
-
Size
2.3MB
-
MD5
526849db0500cbbb41472f18a19c43f3
-
SHA1
d31cfd6cbfa4409372944d60b0659389cfe0e2b5
-
SHA256
304b590ece29244d1d4cda37a73c35e0f3c4629b3c844b89e6ed6d1e1e0b24ab
-
SHA512
abd7a81b4578e544654f7d4ffc7eed4bf5daf261d9fd8629183fbfdde06ad6e6703196f0f79e31affe5516e02bc820f939c0736d070a49294784ac57de15f79e
-
SSDEEP
49152:1NUR7ekYqXjn1fBI+sY1wamh/3l6TyTu1dRkADa3Ky/Dkig1MWcxzv07JI:odeqTn1bt1e93lg2u14A23f/FgExb07J
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-