General
- Target: tmp
- Size: 2.2MB
- Sample: 240414-q1ssbagh86
- MD5: 96684fb3f687a83712e37790a11604ba
- SHA1: 0424c4b88db0290c4b8bb48ab6682d430c50cdae
- SHA256: 10cc671c0f38fbb5a5b6cfff52d41d1417d4133cca7854c17cc9cb8dcb3d8aa5
- SHA512: 3d12a7cc0b5f7bed343989a484a64d31b44b86b8e5b4d05ffa324f7bc0167cc527507e999c96fcb516349e91dd9e19aafae70ddb77f5793f79609302120e7d8c
- SSDEEP: 49152:pSUl6vD5DxN6HHLJFwvhNNS/1eejLKq0BEQDZ2sxDX6Zj/VLnUK:pSSwD5DxkYSJjYVN2sxDAZnUK
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20240221-en
Malware Config
- Extracted: risepro
- C2: 147.45.47.93:58709
Targets
- Target: tmp
- Size: 2.2MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger (anti-debugging)