General
-
Target
1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b
-
Size
2.3MB
-
Sample
240609-kr61paha87
-
MD5
2ab2eb43b5832502a66be0a9194040d1
-
SHA1
88c66bdea8ab54c777a11afbaef40d1d5ae1d403
-
SHA256
1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b
-
SHA512
98529a30e088f6da30d2d461662f933682fa0bc08b53e8b6047fb2679a1dfff0ac658a2775f29447b228d9ea8feb3a5ec41929779603cc759f95787fae14b8c5
-
SSDEEP
49152:TI/0kQBHaJ/3jDPXe3+cOW20Oy4AwDF7CX2bopL6DaKoe8r43kD:m0dHaVTbpcOfACFGdQN0
Static task
static1
Behavioral task
behavioral1
Sample
1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b
-
Size
2.3MB
-
MD5
2ab2eb43b5832502a66be0a9194040d1
-
SHA1
88c66bdea8ab54c777a11afbaef40d1d5ae1d403
-
SHA256
1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b
-
SHA512
98529a30e088f6da30d2d461662f933682fa0bc08b53e8b6047fb2679a1dfff0ac658a2775f29447b228d9ea8feb3a5ec41929779603cc759f95787fae14b8c5
-
SSDEEP
49152:TI/0kQBHaJ/3jDPXe3+cOW20Oy4AwDF7CX2bopL6DaKoe8r43kD:m0dHaVTbpcOfACFGdQN0
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-