General
Target: 1691641c83fadcef5b800f95e01e08209aaefccbe77cba4f75ed332df14ea1ff
Size: 2.3MB
Sample: 240609-lzs98shg57
MD5: 104247b4e4786e9adfa5338123c67190
SHA1: a0c6c1010675f702e6edfceae9368cf720d6a832
SHA256: 1691641c83fadcef5b800f95e01e08209aaefccbe77cba4f75ed332df14ea1ff
SHA512: a61759cb6abb13224d53d6c2713c0d51c9f1802e9d84a5f170104dbe9e29f891d566f4166ded9587a07ee26e5920325c89215d288b7592335276978619f01c4f
SSDEEP: 49152:h9epaUmgHZzFE5sMIgG9YDi3N7x1CZ4aelDGgbr68IY:h9aBm8ZzG5sxgGOwOgf6
Static task: static1
Behavioral task: behavioral1
Sample: 1691641c83fadcef5b800f95e01e08209aaefccbe77cba4f75ed332df14ea1ff.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger