General
-
Target
a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9
-
Size
2.3MB
-
Sample
240609-aa1ggaae4v
-
MD5
ffba825c47e934996f38d23b3d2e4e80
-
SHA1
11422d69929e8088a0b95a5073fa0505634fe8da
-
SHA256
a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9
-
SHA512
82390d1914e0224a6b1ea83275ecbebbe161e93cbfda20942ece5e9c296cbfbcf561d6538323fd452de583ffbfe0c5b690433f9472a85f09d1cbbbdc58cf8b3b
-
SSDEEP
49152:aIvvc1lePNx2VfWQNfw7/RaGZ+CyOO+e1sZR7DNmzodKrxKlW8KWn10mp:aInc1mnMuQJWTuO21sZR7DNEIZKWnim
Static task
static1
Behavioral task
behavioral1
Sample
a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9
-
Size
2.3MB
-
MD5
ffba825c47e934996f38d23b3d2e4e80
-
SHA1
11422d69929e8088a0b95a5073fa0505634fe8da
-
SHA256
a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9
-
SHA512
82390d1914e0224a6b1ea83275ecbebbe161e93cbfda20942ece5e9c296cbfbcf561d6538323fd452de583ffbfe0c5b690433f9472a85f09d1cbbbdc58cf8b3b
-
SSDEEP
49152:aIvvc1lePNx2VfWQNfw7/RaGZ+CyOO+e1sZR7DNmzodKrxKlW8KWn10mp:aInc1mnMuQJWTuO21sZR7DNEIZKWnim
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-