General
-
Target
597db85d1ba8efac0093dfd77b0f12c0e623c1888d59c57f84687eef288a2eae
-
Size
2.3MB
-
Sample
240622-ks3pnascld
-
MD5
5e6c93368c806d23ab65c73d285897d8
-
SHA1
c8884b1f402d54a2683a99dbd18905e5bc3e778c
-
SHA256
597db85d1ba8efac0093dfd77b0f12c0e623c1888d59c57f84687eef288a2eae
-
SHA512
eee502e09d97c50199f0d3cdc80fecc59edc915bb576dfddf80876155d7935457305d2a2856ac2bdfec37f92711e8e393f06c4dda3251f282213579728d8db83
-
SSDEEP
49152:225BLJe5N8QcSKxOi7FvDqYmLerCJz3Fg59Smh+dts7x:2uBLAcSKxO6FmheeJz3cSw+dts
Static task
static1
Behavioral task
behavioral1
Sample
597db85d1ba8efac0093dfd77b0f12c0e623c1888d59c57f84687eef288a2eae.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
597db85d1ba8efac0093dfd77b0f12c0e623c1888d59c57f84687eef288a2eae
-
Size
2.3MB
-
MD5
5e6c93368c806d23ab65c73d285897d8
-
SHA1
c8884b1f402d54a2683a99dbd18905e5bc3e778c
-
SHA256
597db85d1ba8efac0093dfd77b0f12c0e623c1888d59c57f84687eef288a2eae
-
SHA512
eee502e09d97c50199f0d3cdc80fecc59edc915bb576dfddf80876155d7935457305d2a2856ac2bdfec37f92711e8e393f06c4dda3251f282213579728d8db83
-
SSDEEP
49152:225BLJe5N8QcSKxOi7FvDqYmLerCJz3Fg59Smh+dts7x:2uBLAcSKxO6FmheeJz3cSw+dts
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-