General
Target: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
Size: 2.3MB
Sample: 240621-djrgps1bkp
MD5: bafbba63c6a5beb14f167e408eac044d
SHA1: 99ab2b422709d6000c03f5238ce3d2077c044ff4
SHA256: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
SHA512: 0ec15c2fbf768d22e8397359f4769e105337ae38867e36869bec001720ed9d0902e358a3ad0c774046e756c497e85fed759bb4024019735af97211a371288aec
SSDEEP: 49152:th3x+S9GBMkGAIvufJisbryel6eeKEGNW5EjmClv:th3xeMIs4l6nBGNgEj1
Static task: static1
Behavioral task: behavioral1
Sample: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
Target: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger