General
-
Target
7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387
-
Size
2.3MB
-
Sample
240622-g9cb9avdqr
-
MD5
e97f89c5aa755a43dee6c55eb5b18b8d
-
SHA1
55429b4292bd4354b8540999fa9d8ee81bc8fa8c
-
SHA256
7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387
-
SHA512
228a18756be3ffa5511b48f4c31619bb15f7479888dc59aa4f243b94a875d88f7abb83217d67b6e2dbee0c38ae655ed3b129f24041fca85c1f75490a26a38fb6
-
SSDEEP
24576:G0hzvKAMGTo24GpcF1Vs4l/UKHQ5CoOcq7Kk7AoQQIG6J8NJWBPl8bWe4nXtqtq3:GOm3iCTC2/U63yV26nkAFGTOJ/ySd
Static task
static1
Behavioral task
behavioral1
Sample
7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-