General
-
Target
5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d
-
Size
2.3MB
-
Sample
240609-fgg7csef94
-
MD5
90704b18476bb98b8e0304490913bc61
-
SHA1
b625d82b966b7ee27b31e6af341bf6de9dbb676c
-
SHA256
5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d
-
SHA512
18f1e496cae934c09f6e9874ab00f591edb30b0c14e314da19ec32bdc463eaead893239f7b10b2d0df846eb82db1c41906c79a9e094814f8e0698a358df3590a
-
SSDEEP
49152:R+33ynAJeE1AcD0IomTe6VrBaOk6STvUo5jAfZZ/Nauw:8yAsqnamBdkMRdNa
Static task
static1
Behavioral task
behavioral1
Sample
5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d
-
Size
2.3MB
-
MD5
90704b18476bb98b8e0304490913bc61
-
SHA1
b625d82b966b7ee27b31e6af341bf6de9dbb676c
-
SHA256
5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d
-
SHA512
18f1e496cae934c09f6e9874ab00f591edb30b0c14e314da19ec32bdc463eaead893239f7b10b2d0df846eb82db1c41906c79a9e094814f8e0698a358df3590a
-
SSDEEP
49152:R+33ynAJeE1AcD0IomTe6VrBaOk6STvUo5jAfZZ/Nauw:8yAsqnamBdkMRdNa
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-