General
Target: c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c
Size: 2.3MB
Sample (analysis ID): 240608-xhydeaef7v
MD5: 1ac6271ce2ea5ab1a906db2ef3750c27
SHA1: ec79c1403e063de7687ad80433eed6ce7d077ffb
SHA256: c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c
SHA512: 91d1350e96d0fd038c0287a9733c6813489dba40c14edfcae9e48c1dd0b17faac128e6e1b35b3b89c905b9fae9c0692e50a946b6f0dafd686332599a381b9656
SSDEEP: 49152:MTWK9wc7JMnmU0aBVoaQ/UDy7jh7qPut6MXbg0cf6/BacoWC:MTRbeFoaQ/UDuhD8MX8ji/To
Static task: static1
Behavioral task: behavioral1
Sample: c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c.exe
Resource (analysis VM image): win10v2004-20240426-en
Malware Config
Extracted family: risepro
C2 endpoint: 147.45.47.126:58709
Targets
Target: c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c (2.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Behavioural signatures raised for this target:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  The ACPI tables Windows exposes in the registry carry the platform's OEM identifier, so reading them lets the sample recognise a VirtualBox guest.
- Checks BIOS information in registry
  BIOS version and date strings are commonly read to recognise sandbox and virtual-machine images.
- Identifies Wine through registry keys
  Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes; the registry keys it creates give its presence away.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread called with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
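The four behaviours above, plus the extracted C2 endpoint, are the kind of indicators an analyst would turn into hunting logic over a process trace. The following is an added example, not part of the sandbox report or of the sample: it replays a small constructed trace (format pid|event|detail, an assumption) through one matcher per signature and returns which ones fired. The registry paths are assumptions about what typically lies behind each signature name; the report lists the signatures, not the exact keys the sample read. The ThreadHideFromDebugger information class value 0x11 and the C2 address are the only facts taken as given.

```python
"""Added example: replay a constructed process trace against the report's signatures."""
import re
from dataclasses import dataclass

# ThreadInformationClass value for ThreadHideFromDebugger (NtSetInformationThread).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# C2 endpoint from the report's extracted RisePro config.
RISEPRO_C2 = ("147.45.47.126", 58709)

# Assumed registry paths behind each signature name (not taken from the report).
SIGNATURES = {
    "vbox_acpi": re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "bios_info": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)",
        re.I,
    ),
    "wine_keys": re.compile(r"\\Software\\Wine(\\|$)", re.I),
}


@dataclass(frozen=True)
class Hit:
    line_no: int
    signature: str
    evidence: str


def parse_line(line):
    """Split 'pid|event|detail'; return None for blank or malformed lines."""
    parts = line.strip().split("|", 2)
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2]


def match_event(event, detail):
    """Return the signature name this single event triggers, or None."""
    if event.startswith("Reg"):
        for name, pattern in SIGNATURES.items():
            if pattern.search(detail):
                return name
        return None
    if event == "NtSetInformationThread":
        m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", detail)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_from_debugger"
        return None
    if event == "connect":
        host, _, port = detail.rpartition(":")
        if port.isdigit() and (host, int(port)) == RISEPRO_C2:
            return "risepro_c2"
    return None


def scan_trace(trace):
    """Walk the trace and collect every line that fires a signature."""
    hits = []
    for n, raw in enumerate(trace.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        _, event, detail = parsed
        sig = match_event(event, detail)
        if sig:
            hits.append(Hit(n, sig, detail))
    return hits


def verdict(hits):
    """Collapse hits to the set of signature names that fired."""
    return {h.signature for h in hits}


# Constructed trace: the first three registry reads, the 0x11 thread call and the
# C2 connect are the positives; the Run key, the 0x9 call and 192.0.2.10 are noise.
SAMPLE_TRACE = """\
4120|RegOpenKey|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
4120|RegQueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
4120|RegOpenKey|HKCU\\Software\\Wine
4120|RegOpenKey|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
4120|NtSetInformationThread|Thread=0x1f4 ThreadInformationClass=0x11
4120|NtSetInformationThread|Thread=0x1f4 ThreadInformationClass=0x9
4120|connect|147.45.47.126:58709
4120|connect|192.0.2.10:443
"""

if __name__ == "__main__":
    for h in scan_trace(SAMPLE_TRACE):
        print(f"line {h.line_no}: {h.signature} <- {h.evidence}")
    print("fired:", sorted(verdict(scan_trace(SAMPLE_TRACE))))
```

Each matcher is deliberately narrow: a single Run-key read or a single NtSetInformationThread call with another information class does not fire, so the output lists only the five lines that correspond to the report's findings. Swap the regexes for the keys your own sandbox reports, and the parser for your trace format, and the verdict set becomes a direct check against the report.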