General
- Target: 0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897
- Size: 2.3MB
- Sample: 240608-tw47bsdc5x
- MD5: 2bdeb463858b97083d2bfe1d3f2ae096
- SHA1: e12d4746d01196499ff3a57d65ab7183d226e990
- SHA256: 0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897
- SHA512: aa9e7b17faf469d607c80cba9ee81f80755d70155b9ac5ee67f144bf8d07d993248d40ffb1ef29f398e304e21783ee09b424b6e144b6648790cf1401cb0061be
- SSDEEP: 49152:kK8oeQxZobx9M5Bz2huzxMDDQLAEYLACAPj3vWRcRD3jxS5:teQxWxWXz2ENMD8LAdACAr/QcRDzxS5
Static task: static1
Behavioral task: behavioral1
- Sample: 0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: risepro
- 147.45.47.126:58709
Targets
- Target: 0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger