General
-
Target
af93af1a3b927acf080b3aa8fbdc0561208899c99570fa73be61631d185b5818
-
Size
2.3MB
-
Sample
240609-fjlbsseg35
-
MD5
400d270d453c3b3f9c7055c8631d7888
-
SHA1
858710b1965c0cda7a9fab23f6d95b749c7ad00f
-
SHA256
af93af1a3b927acf080b3aa8fbdc0561208899c99570fa73be61631d185b5818
-
SHA512
e8b1c628e50007b2453d36afa3bd140cb1e5b7a23a1605f31f4bf11966faef43350e6ab3f66dfd9f103aea35bf8b0f46507726ce3d265c725d50dc571cb18b94
-
SSDEEP
49152:mOsLG9IUw5CoCNew60m7n16qOR9lJot29U/Uf+4qd4933FP8:UgIUwnCA3bn+M2m4qd0N
Static task
static1
Behavioral task
behavioral1
Sample
af93af1a3b927acf080b3aa8fbdc0561208899c99570fa73be61631d185b5818.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
af93af1a3b927acf080b3aa8fbdc0561208899c99570fa73be61631d185b5818
-
Size
2.3MB
-
MD5
400d270d453c3b3f9c7055c8631d7888
-
SHA1
858710b1965c0cda7a9fab23f6d95b749c7ad00f
-
SHA256
af93af1a3b927acf080b3aa8fbdc0561208899c99570fa73be61631d185b5818
-
SHA512
e8b1c628e50007b2453d36afa3bd140cb1e5b7a23a1605f31f4bf11966faef43350e6ab3f66dfd9f103aea35bf8b0f46507726ce3d265c725d50dc571cb18b94
-
SSDEEP
49152:mOsLG9IUw5CoCNew60m7n16qOR9lJot29U/Uf+4qd4933FP8:UgIUwnCA3bn+M2m4qd0N
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-