General
- Target: tmp
- Size: 2.2MB
- Sample: 240414-rjmemsca6w
- MD5: 7411eeb34304589a064afbea62fc2da9
- SHA1: 00977a8b39487486c70991cf75e1e3d33bcdc9ac
- SHA256: 601dbbdccb93dcee6741d75947baf658874b0a2def9eead31af54568c89de869
- SHA512: f20fc4c9fd155ce801f3b595382ba6b842122c492415d80c68a29a75b628853a7be786c8e75e7b6126257b8c6831beece1ea8f4142fad74a500ff68173dd90d2
- SSDEEP: 49152:6SUl6vD5DxN6HHLJ9tynaxoE39lD58kdwe/WS2OXRB2bHYFD:6SSwD5Dxk6a3vHdwqBg4V
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20240220-en
Malware Config
- Extracted: risepro
- 147.45.47.93:58709
Targets
- Target: tmp
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger