General
-
Target
366ecf1f8f1f49a2d3fcdbe9163271cfe979099bc1a1c8c380baa28aad656082
-
Size
2.3MB
-
Sample
240610-myyzrsgh29
-
MD5
2cfa258a6a01618f74ac3e3ff4906362
-
SHA1
20cb177f5c69cf61c479cfc1d7473f245e5f9a63
-
SHA256
366ecf1f8f1f49a2d3fcdbe9163271cfe979099bc1a1c8c380baa28aad656082
-
SHA512
b7a8a33cf3e645defbf31e3458d44479762d45d22ffc204f3fa6f1a83525c3372888d2218da4c1f7bbfe00145ade51a5c5948baae4df789fcc3497d2cf80fba4
-
SSDEEP
49152:tYnt41ahpFQvSAky6D9ld3ZhvfborWxx+oNAE5UnPJ6hDoGUCKz:RcpuxB6hfJdblxx+oV5eB62GUCKz
Static task
static1
Behavioral task
behavioral1
Sample
366ecf1f8f1f49a2d3fcdbe9163271cfe979099bc1a1c8c380baa28aad656082.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
risepro
77.91.77.67:58709
Targets
-
-
Target
366ecf1f8f1f49a2d3fcdbe9163271cfe979099bc1a1c8c380baa28aad656082
-
Size
2.3MB
-
MD5
2cfa258a6a01618f74ac3e3ff4906362
-
SHA1
20cb177f5c69cf61c479cfc1d7473f245e5f9a63
-
SHA256
366ecf1f8f1f49a2d3fcdbe9163271cfe979099bc1a1c8c380baa28aad656082
-
SHA512
b7a8a33cf3e645defbf31e3458d44479762d45d22ffc204f3fa6f1a83525c3372888d2218da4c1f7bbfe00145ade51a5c5948baae4df789fcc3497d2cf80fba4
-
SSDEEP
49152:tYnt41ahpFQvSAky6D9ld3ZhvfborWxx+oNAE5UnPJ6hDoGUCKz:RcpuxB6hfJdblxx+oV5eB62GUCKz
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-