General
- Target: 8a832853e54fd7eb282d5bd3650e435ce0ff69e2d0d5554eccb3281b5a3f0b88
- Size: 2.3MB
- Sample: 240621-btm6xsyfjp
- MD5: ee2b9d7295bb57ae490a98d20e93b0aa
- SHA1: a6cdaa39df7fb21f9f017d924a0746de2bdb62e7
- SHA256: 8a832853e54fd7eb282d5bd3650e435ce0ff69e2d0d5554eccb3281b5a3f0b88
- SHA512: a3b86bf385d00b331a607a5618bc0bbca98037f2d086748662d4808fd6cdfd2beaabe9e54226915abb652e6d772665b2f772699f70be414f796e157d5be3f9eb
- SSDEEP: 49152:8Bt3J7/3nTaFTc/+QuLlWrllY4mjHAz9Eoo5avxnECyGHtsGv:8Lt/3TaFTc/qlWrllY4m7Az9y5cxECys
Static task: static1
Behavioral task: behavioral1
- Sample: 8a832853e54fd7eb282d5bd3650e435ce0ff69e2d0d5554eccb3281b5a3f0b88.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- risepro
- 77.91.77.66:58709
Targets
- Target: 8a832853e54fd7eb282d5bd3650e435ce0ff69e2d0d5554eccb3281b5a3f0b88
- Size: 2.3MB
- MD5: ee2b9d7295bb57ae490a98d20e93b0aa
- SHA1: a6cdaa39df7fb21f9f017d924a0746de2bdb62e7
- SHA256: 8a832853e54fd7eb282d5bd3650e435ce0ff69e2d0d5554eccb3281b5a3f0b88
- SHA512: a3b86bf385d00b331a607a5618bc0bbca98037f2d086748662d4808fd6cdfd2beaabe9e54226915abb652e6d772665b2f772699f70be414f796e157d5be3f9eb
- SSDEEP: 49152:8Bt3J7/3nTaFTc/+QuLlWrllY4mjHAz9Eoo5avxnECyGHtsGv:8Lt/3TaFTc/qlWrllY4m7Az9y5cxECys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger