General
Target: 5d15f4739a8a71f273622497f901342a96509fea75fc7d589e3a352951ea14ae
Size: 2.3MB
Sample: 240608-3vmekabb37
MD5: 7e0a3ca5b548315992bb7f304cff1958
SHA1: 5167fc3a2332dcbf322d7980738d484a5dfbcf23
SHA256: 5d15f4739a8a71f273622497f901342a96509fea75fc7d589e3a352951ea14ae
SHA512: 3b0f5f5aafe547806b85eaee3df4820b5314d9dfd2d163e2d54691aabd0f67573df8392f70d5d6218d7da9265b2f7ca183cebfda4212c5b9894a32a2fc86e494
SSDEEP: 49152:TfJdoCyK5lxkfkHNjFBGlisZpsJ6mkm9YflaYg:TfJdoM5lCfkHNjFA5LsUm+t

Static task: static1
Behavioral task: behavioral1
Sample: 5d15f4739a8a71f273622497f901342a96509fea75fc7d589e3a352951ea14ae.exe
Resource: win10v2004-20240426-en

Malware Config
Extracted: risepro
147.45.47.126:58709
Targets
Target: 5d15f4739a8a71f273622497f901342a96509fea75fc7d589e3a352951ea14ae
Size: 2.3MB
MD5: 7e0a3ca5b548315992bb7f304cff1958
SHA1: 5167fc3a2332dcbf322d7980738d484a5dfbcf23
SHA256: 5d15f4739a8a71f273622497f901342a96509fea75fc7d589e3a352951ea14ae
SHA512: 3b0f5f5aafe547806b85eaee3df4820b5314d9dfd2d163e2d54691aabd0f67573df8392f70d5d6218d7da9265b2f7ca183cebfda4212c5b9894a32a2fc86e494
SSDEEP: 49152:TfJdoCyK5lxkfkHNjFBGlisZpsJ6mkm9YflaYg:TfJdoM5lCfkHNjFA5LsUm+t

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger