General
-
Target
2b0a6dee4b12b6eb393725d709c3998952f57b7d4fb03fb65caf16ce6c4e7718
-
Size
2.3MB
-
Sample
240604-kg5d4sbe53
-
MD5
e71e7a73294ae0c1cdf1427792dacfa6
-
SHA1
6c8d32a84ac888663e96db591b18f5f97ac5a82c
-
SHA256
2b0a6dee4b12b6eb393725d709c3998952f57b7d4fb03fb65caf16ce6c4e7718
-
SHA512
079d0ecf868f9275d17cb07a5e5faa62def11de8abedb67373580ff658f22b7588318cee13d42e191c80c95c4515e0bb31ae059563f5bb58e30542565295e38c
-
SSDEEP
49152:VRPNhg51I1W0drXaMiwPPDy0o+c60tAUOYd+hnifCKalZMz/O:VdNKElYYKs0tAUOFwCKal
Static task
static1
Behavioral task
behavioral1
Sample
2b0a6dee4b12b6eb393725d709c3998952f57b7d4fb03fb65caf16ce6c4e7718.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
2b0a6dee4b12b6eb393725d709c3998952f57b7d4fb03fb65caf16ce6c4e7718
-
Size
2.3MB
-
MD5
e71e7a73294ae0c1cdf1427792dacfa6
-
SHA1
6c8d32a84ac888663e96db591b18f5f97ac5a82c
-
SHA256
2b0a6dee4b12b6eb393725d709c3998952f57b7d4fb03fb65caf16ce6c4e7718
-
SHA512
079d0ecf868f9275d17cb07a5e5faa62def11de8abedb67373580ff658f22b7588318cee13d42e191c80c95c4515e0bb31ae059563f5bb58e30542565295e38c
-
SSDEEP
49152:VRPNhg51I1W0drXaMiwPPDy0o+c60tAUOYd+hnifCKalZMz/O:VdNKElYYKs0tAUOFwCKal
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-