General
- Target: 7b0383f36b4989b7580e6af8dcbc0e03d783f2c41d64805b16f807dea035d6f1
- Size: 2.3MB
- Sample: 240624-1b2c9swclj
- MD5: 84f2db2acef926f4e8b5f4925f434401
- SHA1: 1dfedf5dd119a740b1970a75c398c11fb09a5707
- SHA256: 7b0383f36b4989b7580e6af8dcbc0e03d783f2c41d64805b16f807dea035d6f1
- SHA512: 99fa458eddcf4a095e9a3f10cb5521258cabd5b1e1d7b2bc6f466d49e8ad43da5ca781d831be3c2d9faba53f18eaac9a0deb949980ab4669edc3693419c141ce
- SSDEEP: 49152:TGpvB4PYh2QLfvCXt4FzUmGfgUwE7bzbyeIj:TW4e2QLe21klvzG
Static task
- static1
Behavioral task
- behavioral1
- Sample: 7b0383f36b4989b7580e6af8dcbc0e03d783f2c41d64805b16f807dea035d6f1.exe
- Resource: win10v2004-20240226-en
Malware Config
- Extracted: risepro
- 77.91.77.66:58709
Targets
- Target: 7b0383f36b4989b7580e6af8dcbc0e03d783f2c41d64805b16f807dea035d6f1
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger