General
-
Target
1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c
-
Size
2.3MB
-
Sample
240609-grflysfe28
-
MD5
c0789669276a38bd4905bec0c9fbd2f4
-
SHA1
96997489c3c1bce03d90dc39c5b920ed3280b0b2
-
SHA256
1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c
-
SHA512
4fa7091e68eb289072cde8f495c34313b4ca61dbeb51b634709dbd54ca0e725e9a4b4813495695da35f8d1b46bc169a361591bfc9f46823c72ab3a3bd7026ef7
-
SSDEEP
49152:KAR7jiPpm36Cc+Ne87FmNESB9l7scAKS5Qp7NafDGo6Noa0ZJ1/8dzGUt40arxdp:KE72Po3MigDwLEwLjaSB8v01dp
Static task
static1
Behavioral task
behavioral1
Sample
1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c
-
Size
2.3MB
-
MD5
c0789669276a38bd4905bec0c9fbd2f4
-
SHA1
96997489c3c1bce03d90dc39c5b920ed3280b0b2
-
SHA256
1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c
-
SHA512
4fa7091e68eb289072cde8f495c34313b4ca61dbeb51b634709dbd54ca0e725e9a4b4813495695da35f8d1b46bc169a361591bfc9f46823c72ab3a3bd7026ef7
-
SSDEEP
49152:KAR7jiPpm36Cc+Ne87FmNESB9l7scAKS5Qp7NafDGo6Noa0ZJ1/8dzGUt40arxdp:KE72Po3MigDwLEwLjaSB8v01dp
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-