General
-
Target
9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25
-
Size
2.3MB
-
Sample
240609-plplnsbb65
-
MD5
316f690451f9539799ba04cc75ee0ed9
-
SHA1
31f5532fb8f7dd5e7635adcb4f68a03c515cf634
-
SHA256
9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25
-
SHA512
df9fb818d4ecd42cad1b5aed7dd1a83f01f39f00055df261bf7036c04bf8dcf3f331ac701de116ce0218dba8d5c9133942f56f37ccd9f873dd204148578190b4
-
SSDEEP
49152:rmAQ2BGWfJAlMerjlgHV4maoi4I9TmfFCowSKaHyEd:r+2B4rvM4mf3EmNjz
Static task
static1
Behavioral task
behavioral1
Sample
9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25
-
Size
2.3MB
-
MD5
316f690451f9539799ba04cc75ee0ed9
-
SHA1
31f5532fb8f7dd5e7635adcb4f68a03c515cf634
-
SHA256
9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25
-
SHA512
df9fb818d4ecd42cad1b5aed7dd1a83f01f39f00055df261bf7036c04bf8dcf3f331ac701de116ce0218dba8d5c9133942f56f37ccd9f873dd204148578190b4
-
SSDEEP
49152:rmAQ2BGWfJAlMerjlgHV4maoi4I9TmfFCowSKaHyEd:r+2B4rvM4mf3EmNjz
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-