General
-
Target
23e78c49b0e3e522c209dfd727efe0d5197983d2e7c9250aec2f9f3762bd238f
-
Size
2.3MB
-
Sample
240609-bdymqabg86
-
MD5
fb0b415eafc1b8c7227b9492c8639390
-
SHA1
d88df44c6746f187539b0650ef57692415dbdb24
-
SHA256
23e78c49b0e3e522c209dfd727efe0d5197983d2e7c9250aec2f9f3762bd238f
-
SHA512
beb14d7083df328c1fb2e50e478b4a52f94943f350ce9fbd82ee895ce9683bf634f56eddcfa80edab68aa5d7f05ea24c1c7bc31815c4830d15897960460fed8f
-
SSDEEP
49152:sVPux+Aff9GgdLym7AM4tZugvBjfWRdSO9pEHAu:s+qmHYyd19pEHt
Static task
static1
Behavioral task
behavioral1
Sample
23e78c49b0e3e522c209dfd727efe0d5197983d2e7c9250aec2f9f3762bd238f.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
23e78c49b0e3e522c209dfd727efe0d5197983d2e7c9250aec2f9f3762bd238f
-
Size
2.3MB
-
MD5
fb0b415eafc1b8c7227b9492c8639390
-
SHA1
d88df44c6746f187539b0650ef57692415dbdb24
-
SHA256
23e78c49b0e3e522c209dfd727efe0d5197983d2e7c9250aec2f9f3762bd238f
-
SHA512
beb14d7083df328c1fb2e50e478b4a52f94943f350ce9fbd82ee895ce9683bf634f56eddcfa80edab68aa5d7f05ea24c1c7bc31815c4830d15897960460fed8f
-
SSDEEP
49152:sVPux+Aff9GgdLym7AM4tZugvBjfWRdSO9pEHAu:s+qmHYyd19pEHt
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-