General
Target: c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143
Size: 2.2MB
Sample: 240604-bs5dtagd2x
MD5: 4eca1472d4088332cbf99568557f4df2
SHA1: aea753c4a43cc85d9cc9dd3a3dd0e97267f7c1ff
SHA256: c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143
SHA512: e6430d7a3e687ef0f903bf78fa9bdd4abca7ab5e1adeab938f75c3eed3cdcdd415c06c3d26b6eed8d2bcefc9058317a8d04669ab7bf0d191d05a8b74ce6ca120
SSDEEP: 49152:RkmKhyq24kI3qebVax+mUJI74ByaKzjSV2FJgr1NJ8/2:RkmKEqlkAbkx+hJtByrzW4FO5NJv
Static task: static1
Behavioral task: behavioral1
Sample: c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: risepro
  147.45.47.126:58709
Targets
Target: c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143
Size: 2.2MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger