General
Target: 0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f
Size: 2.4MB
Sample: 240609-grc6tsfe26
MD5: 07bc92e4c0c8007939e9e7d3c2c04b8b
SHA1: 86fcc838b694bd30d1c9b9b9c618bde6e41e3818
SHA256: 0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f
SHA512: b8d95d215d7935b36165c26a63a6885daccaed89d20f52558f9a3052decc79c36aa9801ae0d13065af6d04777c0b68369c040f4252e69db21435d7daa714e755
SSDEEP: 49152:1nZOzQfJzZowrQoknl3hOiOh8yG+tq/V1JKQRTnXaF/3E+:1LfHNEoknvJYGvJKQRTq5
Static task: static1
Behavioral task: behavioral1
Sample: 0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: risepro
147.45.47.126:58709
Targets
Target: 0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger