General

Target: 73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced
Size: 2.4MB
Sample: 240622-fpsytstbql
MD5: 2eb3a55faf1758dcd3eb4444e2916f67
SHA1: 9d1183f8d2fcb431f13f2623e7c5576f44f802c3
SHA256: 73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced
SHA512: 5efd160d602f7b677c7fa4879081883572ddac9d8206f035e4d06c1337ca4dbc00d23e8abec116f39f58c3eb2f59eea848c7ab61e052279d75d81fe3f1aea544
SSDEEP: 49152:Yqys0andMZM/mHD2wlGTIL2DyOCAXcrVQKGCGkDwRdnd:As0adMZM/4D2wQs2DeRVcC/DM
Static task: static1
Behavioral task: behavioral1
Sample: 73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted family: risepro
C2: 77.91.77.66:58709
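The extracted C2 is the indicator a responder pivots on first. The block below is an added example, not part of this report and not RisePro or sandbox tooling: it parses host:port entries in the form shown above and hunts for them in Zeek conn.log records, rating a hit "high" when host and port both match and "medium" when only the host matches (the same infrastructure on another port). The log lines are constructed for illustration and assume Zeek's default conn.log field order; the only real indicator in the block is 77.91.77.66:58709.

```python
"""Hunt for an extracted RisePro C2 (host:port) in Zeek conn.log lines.

Added example. SAMPLE_CONN_LOG is constructed; EXTRACTED_C2 is the value
from the sandbox report's extracted config.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Indicator taken from the report's extracted configuration.
EXTRACTED_C2 = ["77.91.77.66:58709"]

# Zeek conn.log default field order (tab-separated; header lines start with '#').
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]

# Constructed sample: one exact C2 hit, one same-host/other-port, one unrelated flow.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1719051000.1\tCk1a\t10.0.0.5\t51122\t77.91.77.66\t58709\ttcp\t-\t12.3\t2048\t8192\tSF
1719051010.2\tCk1b\t10.0.0.5\t51123\t77.91.77.66\t443\ttcp\tssl\t1.0\t300\t900\tSF
1719051020.3\tCk1c\t10.0.0.7\t51124\t142.250.74.78\t443\ttcp\tssl\t0.5\t700\t4000\tSF
"""


@dataclass(frozen=True)
class Indicator:
    host: str
    port: Optional[int]  # None when the config entry carried no port


def parse_c2(entry: str) -> Indicator:
    """Parse 'host:port' (IPv4 or hostname; port optional) from a config entry."""
    entry = entry.strip()
    host, sep, port = entry.rpartition(":")
    if not sep:  # no colon at all: host-only indicator
        return Indicator(entry, None)
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port in indicator: {entry!r}")
    return Indicator(host, int(port))


def parse_conn_line(line: str) -> Dict[str, str]:
    """Split one conn.log record into a field-name -> value dict."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != len(CONN_FIELDS):
        raise ValueError(f"unexpected field count {len(fields)} in {line!r}")
    return dict(zip(CONN_FIELDS, fields))


def hunt(conn_log: str, c2_entries: List[str]) -> List[Tuple[str, str]]:
    """Return (uid, confidence) for every record whose responder is a C2 host.

    'high'   : responder host and port both match the extracted config
    'medium' : responder host matches but the port differs
    """
    by_host = {ind.host: ind for ind in (parse_c2(e) for e in c2_entries)}
    hits: List[Tuple[str, str]] = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header/comment lines
            continue
        rec = parse_conn_line(line)
        ind = by_host.get(rec["id.resp_h"])
        if ind is None:
            continue
        if ind.port is None or int(rec["id.resp_p"]) == ind.port:
            hits.append((rec["uid"], "high"))
        else:
            hits.append((rec["uid"], "medium"))
    return hits


if __name__ == "__main__":
    for uid, confidence in hunt(SAMPLE_CONN_LOG, EXTRACTED_C2):
        print(f"{uid}\t{confidence}")
```

Host-only matches are kept at medium rather than dropped because stealer C2 panels are routinely re-used across ports; the uid is what you carry into the rest of the Zeek logs (ssl.log, files.log) for the follow-up.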
Targets

Target: 73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced
Size: 2.4MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.

Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
On a VirtualBox guest the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) carry VirtualBox's OEM identifier as a subkey, so enumerating them is a common VM check.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger; it is a common anti-debugging technique.
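The three registry-based signatures above say where the sample reads, not what it matches on. The block below is an added example, not the sample's code and not the sandbox's signature logic: it replays those checks against a registry snapshot so you can see which artifacts trip them, and so the same functions can be pointed at a real analysis VM (build the snapshot dict from winreg on the guest) to check whether it leaks them. Assumptions: the marker list, the key paths (HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}, HKLM\HARDWARE\DESCRIPTION\System, Software\Wine) and the substring-match rule are the widely used forms of these checks; the three snapshots are constructed.

```python
"""Replay the anti-VM / anti-sandbox registry checks flagged in the report.

Added example. The snapshots are constructed; on Windows, build the same
dict from winreg and pass it to sandbox_artifacts().
"""
from typing import Dict, List, Optional

Snapshot = Dict[str, Dict[str, str]]  # r"HIVE\key\path" -> {value name: data}

# Hypervisor / sandbox names searched for inside ACPI OEM ids and BIOS strings.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")

# Constructed snapshot resembling a VirtualBox guest.
CONSTRUCTED_VBOX_GUEST: Snapshot = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox VBE",
    },
}
# Constructed snapshot for a physical machine (vendor strings illustrative).
CONSTRUCTED_BARE_METAL: Snapshot = {
    r"HKLM\HARDWARE\ACPI\DSDT\DELL__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": "DELL   - 1072009"},
}
# Constructed snapshot for a Wine prefix.
CONSTRUCTED_WINE: Snapshot = {
    r"HKCU\Software\Wine": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {},
}


class RegistryView:
    """The three primitives the checks need: key exists, list subkeys, read value."""

    def __init__(self, snapshot: Snapshot) -> None:
        # Registry key paths are case-insensitive, so normalise once.
        self._keys = {k.upper(): v for k, v in snapshot.items()}

    def key_exists(self, key: str) -> bool:
        return key.upper() in self._keys

    def subkeys(self, key: str) -> List[str]:
        prefix = key.upper() + "\\"
        names = {k[len(prefix):].split("\\", 1)[0] for k in self._keys if k.startswith(prefix)}
        return sorted(names)

    def value(self, key: str, name: str) -> Optional[str]:
        return self._keys.get(key.upper(), {}).get(name)


def check_acpi_tables(reg: RegistryView) -> List[str]:
    """Signature: hypervisor OEM id present as a subkey of the ACPI table keys."""
    hits = []
    for table in ("DSDT", "FADT", "RSDT"):
        key = r"HKLM\HARDWARE\ACPI" + "\\" + table
        for oem in reg.subkeys(key):
            if any(m in oem.upper() for m in VM_MARKERS):
                hits.append(f"ACPI {table} OEM id {oem}")
    return hits


def check_bios_strings(reg: RegistryView) -> List[str]:
    """Signature: BIOS version strings under HARDWARE\\DESCRIPTION\\System name a hypervisor."""
    hits = []
    for name in ("SystemBiosVersion", "VideoBiosVersion"):
        data = reg.value(r"HKLM\HARDWARE\DESCRIPTION\System", name)
        if data and any(m in data.upper() for m in VM_MARKERS):
            hits.append(f"{name} = {data!r}")
    return hits


def check_wine(reg: RegistryView) -> List[str]:
    """Signature: Wine populates Software\\Wine, which a real Windows install lacks."""
    return [k for k in (r"HKCU\Software\Wine", r"HKLM\Software\Wine") if reg.key_exists(k)]


def sandbox_artifacts(snapshot: Snapshot) -> Dict[str, List[str]]:
    """Run every check and return only those that fired, keyed by check name."""
    reg = RegistryView(snapshot)
    results = {
        "acpi": check_acpi_tables(reg),
        "bios": check_bios_strings(reg),
        "wine": check_wine(reg),
    }
    return {name: hits for name, hits in results.items() if hits}


if __name__ == "__main__":
    for label, snap in (("vbox", CONSTRUCTED_VBOX_GUEST),
                        ("bare-metal", CONSTRUCTED_BARE_METAL),
                        ("wine", CONSTRUCTED_WINE)):
        print(label, sandbox_artifacts(snap))
```

An analysis VM that produces any finding for the acpi or bios checks will be identified by this sample before its stealer logic runs; hiding those strings (or swapping in a hypervisor whose ACPI OEM id and BIOS strings are not on the marker list) is what makes a detonation of RisePro representative.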