General
Target: ea845d7ae5ffcc92058eb88e941f3110.bin
Size: 2.2MB
Sample: 240604-d86mxsce94
MD5: 37cc046bf2f9e4c9b673c06440936193
SHA1: ffb1bb92955db220094e539a3e27bfb164941422
SHA256: 160fa92317d39d164912390c1c9f2a7c20f03811db02acf964ae88fdb7671a3b
SHA512: 86431ef253e20ea6a3089c7abbf011926c7cd14992ef9b18d7048d2766bda35e0c35621c4e898d5cfcf4953e34a35597a7244fcc65e7a99d49375dfae7983b26
SSDEEP: 49152:ELewTA54Wkj7KccB/FPm1dpEalTIzVOy5CzAr+vHeCNtMVSObGJUog+WhHZG4E3j:QewTLb7KccBg1zhEOyMEcr3gklWZgj3j
Static task: static1
Behavioral task: behavioral1
Sample: 4de928eed092809696e1212bc93c23cd9229773c45552619cb50eb9ccf769185.exe
Resource: win7-20240221-en

Malware Config
Extracted: risepro
    147.45.47.126:58709
Targets
Target: 4de928eed092809696e1212bc93c23cd9229773c45552619cb50eb9ccf769185.exe
Size: 2.2MB
MD5: ea845d7ae5ffcc92058eb88e941f3110
SHA1: df66b253812b3de5c8dd02ba9650436964fcaa0f
SHA256: 4de928eed092809696e1212bc93c23cd9229773c45552619cb50eb9ccf769185
SHA512: 44339f7a8d622e30f3c65aea73cc0187ed8b870c265073137e5996f20bc274526f14e7e92b23b2d93c9aa5b3d75e5df5dfc75fe0d8840e6beea2f6fa350b65f1
SSDEEP: 49152:0kmKhyq24kI3qebVaqZaHxeaXGtf+rQmgthOe9kUDeTf16HOj+muCP/NOQVh9hPB:0kmKEqlkAbkcaR3XG1SZbUyLWOj9ushd
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger