General
-
Target
9c24f5f40a6fdc5cf07e6ed674f326d2e8b40d187ef72a423ce07a19605df653
-
Size
2.3MB
-
Sample
240621-f9l11stbjj
-
MD5
f778be2337a9c0e31ce9b35f42e9bc80
-
SHA1
6a01b791a09d4d7c472c68b0c7e2aa0ec008ae0c
-
SHA256
9c24f5f40a6fdc5cf07e6ed674f326d2e8b40d187ef72a423ce07a19605df653
-
SHA512
434e4146b2d5938ab442a3465026e719289d7c4ce703dc2f9edd68dbad0411b0122c02931e881510d680f442e813ac493b3600e49cd2091e5cd25347c9a46868
-
SSDEEP
49152:0gmCzZRp2fwYg7bNlV/5OCmhNIeMy4Izd6IxFHH02oKuUQhjt:0g/VXQg7zVBOCmhNayrddzH+bUo
Static task
static1
Behavioral task
behavioral1
Sample
9c24f5f40a6fdc5cf07e6ed674f326d2e8b40d187ef72a423ce07a19605df653.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
9c24f5f40a6fdc5cf07e6ed674f326d2e8b40d187ef72a423ce07a19605df653
-
Size
2.3MB
-
MD5
f778be2337a9c0e31ce9b35f42e9bc80
-
SHA1
6a01b791a09d4d7c472c68b0c7e2aa0ec008ae0c
-
SHA256
9c24f5f40a6fdc5cf07e6ed674f326d2e8b40d187ef72a423ce07a19605df653
-
SHA512
434e4146b2d5938ab442a3465026e719289d7c4ce703dc2f9edd68dbad0411b0122c02931e881510d680f442e813ac493b3600e49cd2091e5cd25347c9a46868
-
SSDEEP
49152:0gmCzZRp2fwYg7bNlV/5OCmhNIeMy4Izd6IxFHH02oKuUQhjt:0g/VXQg7zVBOCmhNayrddzH+bUo
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-