General
- Target: 8d0ded5d0ece843b785a95f4858becc694e5f8df66df63713770b0b4b549505b
- Size: 2.3MB
- Sample: 240608-v1lffsef62
- MD5: 9369219a10edd4ab1ce22ee15baaed8e
- SHA1: 2586cd96a5d5d886c69b8e357847b3e18f81c3d2
- SHA256: 8d0ded5d0ece843b785a95f4858becc694e5f8df66df63713770b0b4b549505b
- SHA512: 99d83b41b95c875a0cd90beb3a0c904636c492b4879fa91be2adc585bbb9a6161217fb0164f460c997a33f25c8ebf04b660bba5d2fe828a2aeed7dd596f0ca7d
- SSDEEP: 49152:1w/4iqeEJoq0gFlsHwfg9ORBOqPOU8qPhmtkogpqOLe:1otECAAQY9ORBOqPOU8Ehugpl
Static task: static1
Behavioral task: behavioral1
- Sample: 8d0ded5d0ece843b785a95f4858becc694e5f8df66df63713770b0b4b549505b.exe
- Resource: win10v2004-20240426-en
Malware Config
- Extracted family: risepro
- C2: 147.45.47.126:58709
Targets
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger