General
Target: 204a01725d2597d3dac4e26471d2ec3e29702077592bc12b6013412894de075d
Size: 2.3MB
Sample: 240609-bcw3habg72
MD5: 79fe89db6a683e2f33d7f105167f5798
SHA1: a02d5809697a5ab6e5f85d385250486ff504f1d7
SHA256: 204a01725d2597d3dac4e26471d2ec3e29702077592bc12b6013412894de075d
SHA512: 3f1f6c818fc069c87c0ecb5d370d8c98d90aa3f066f373986135967dcc2d3f16b900b024a683d6b74719ffd40b1350ffea24290bfde379519d29818ce2319f78
SSDEEP: 49152:bvTBoyftKXTdkeRaKYzoV6e1oNvx5lNEB0eXnFz:b9oyUDpRaKYz06e14vhNQ0inl
Static task: static1
Behavioral task: behavioral1
Sample: 204a01725d2597d3dac4e26471d2ec3e29702077592bc12b6013412894de075d.exe
Resource: win10v2004-20240508-en

Malware Config (extracted)
Family: risepro
Address: 147.45.47.126:58709
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger