General

- Target: b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513
- Size: 2.3MB
- Sample: 240610-m1dfvagh39
- MD5: 86d67aff920d2cd64d3cf030036fccaf
- SHA1: a88240c2883a74f1cd3c745a2a52aae4470ad368
- SHA256: b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513
- SHA512: 10c6432ff98ecb5db9d311f7b3164599b69bd5dfcf222bc1307590abc4fbd71a16b4c91da2433b1192e06a992bf37a8e49f6453cb7c0251a54c8a4fde3961f16
- SSDEEP: 49152:Ty1eon8mOCqoNeZcqgeG8AFT/13T0QQihrT4Z4ENXf8e6y0:2Ew8mLqoacqY8mT/5Z9S3uVy
Tasks

- Static task: static1
- Behavioral task: behavioral1
- Sample: b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513.exe
- Resource: win10v2004-20240508-en
Malware Config

- Extracted: risepro
- 77.91.77.67:58709
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger