General
-
Target
e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3
-
Size
2.4MB
-
Sample
240621-szrvqswclg
-
MD5
16db47f760a93a0ae25fed6ebb555d8b
-
SHA1
e4ddf8ad625ba3f5f7d43bc1f8a60c0046ce2f38
-
SHA256
e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3
-
SHA512
4386ceac9e046e6c7a595a16bf4f85037db35d2705c8f5727afd4e688047f3418701cc8bc57d5063e085d47d59957cc269bd8badfe5501de38e22a5c6e2634ab
-
SSDEEP
49152:qcAdEKTLiqQ4KupW4TaxQDd5jYZswPkT9g:qQKk0pW4cQ30+Zg
Static task
static1
Behavioral task
behavioral1
Sample
e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3
-
Size
2.4MB
-
MD5
16db47f760a93a0ae25fed6ebb555d8b
-
SHA1
e4ddf8ad625ba3f5f7d43bc1f8a60c0046ce2f38
-
SHA256
e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3
-
SHA512
4386ceac9e046e6c7a595a16bf4f85037db35d2705c8f5727afd4e688047f3418701cc8bc57d5063e085d47d59957cc269bd8badfe5501de38e22a5c6e2634ab
-
SSDEEP
49152:qcAdEKTLiqQ4KupW4TaxQDd5jYZswPkT9g:qQKk0pW4cQ30+Zg
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-