General
Target: f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501
Size: 2.1MB
Sample: 240415-1aah6aah7s
MD5: b2e235bd1d4efe7b53fc3db1b59f4618
SHA1: 32f689eecd2b9396557a60cd623dfc7bb9ac959f
SHA256: f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501
SHA512: 1f8bd7942a5c23c54a83085d7d1693408bdf12e2b937a70cf6be447b9d2eaf4318d26093795e05f0599fee7ecbd455a45f4a62e9e2fb190a9110d380790290e4
SSDEEP: 49152:pSUl6vD5DxN6HHLJ9tczZDouaGrs4IilSbq+hdoG2:pSSwD5DxkeUuaOIKcTq
Static task: static1
Behavioral task: behavioral1
Sample: f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501.exe
Resource: win10v2004-20240412-en
Behavioral task: behavioral2
Sample: f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501.exe
Resource: win11-20240412-en
Malware Config
Extracted
Family: risepro
C2: 147.45.47.93:58709
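The extracted configuration gives one C2 endpoint and the General section gives the file hashes. The PowerShell below is an added example, not part of the Triage report or of the sample: it checks a Windows host for live TCP sessions to that endpoint, looks for the sample's SHA256 under a few common drop directories, and offers an outbound firewall block as a containment step. The scan roots, the firewall rule name and the assumption that the sample still sits on disk as an .exe are mine; the address, port and hash come from the report.

```powershell
# Added example, not from the Triage report: quick checks on a Windows host against
# the indicators on this page. Scan roots and the firewall rule name are assumptions.
$C2Address   = '147.45.47.93'
$C2Port      = 58709
$KnownSha256 = 'f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501'

function Get-C2Sessions {
    # Every TCP endpoint talking to the extracted RisePro C2, with the owning process.
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -eq $C2Address -and $_.RemotePort -eq $C2Port } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                State   = $_.State
                Pid     = $_.OwningProcess
                Process = $proc.ProcessName
                Path    = $proc.Path
            }
        }
}

function Find-KnownSample {
    param([string[]]$Roots = @("$env:USERPROFILE\Downloads", $env:TEMP, $env:APPDATA))
    # Hash every .exe under the assumed drop locations; report paths whose SHA256 matches the report.
    Get-ChildItem -Path $Roots -Filter '*.exe' -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash -ieq $KnownSha256 } |
        Select-Object -ExpandProperty FullName
}

function Block-C2Egress {
    # Containment: outbound block for the C2 endpoint (needs an elevated session).
    New-NetFirewallRule -DisplayName 'Block RisePro C2 147.45.47.93:58709' -Direction Outbound `
        -Protocol TCP -RemoteAddress $C2Address -RemotePort $C2Port -Action Block | Out-Null
}

$sessions = @(Get-C2Sessions)
if ($sessions) { $sessions | Format-Table -AutoSize } else { "No TCP sessions to ${C2Address}:${C2Port}" }

$files = @(Find-KnownSample)
if ($files) { 'Sample present on disk:'; $files } else { 'Sample SHA256 not found under the scanned roots' }

# Uncomment once the sessions listed above have been triaged:
# Block-C2Egress
```

The connection check only sees sessions that exist at the moment it runs; for historical contacts, query whatever network telemetry the host keeps (Sysmon event 3, proxy or firewall logs) for the same address and port. A single-hash search is deliberately narrow and will miss repacked builds of the same family.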
Targets
Target: f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox tags its ACPI tables with a VBOX OEM ID, which Windows exposes under HKLM\HARDWARE\ACPI; reading those keys is a common VirtualBox check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops an attached debugger from receiving that thread's debug events, a common anti-debugging measure.
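The signatures above name the behaviour but not the registry values the sample actually read. The PowerShell below is an added example, not from the report or the RisePro sample: it audits an analysis VM for the registry artifacts these signature names usually correspond to, so you can see in advance whether the sample would flag the environment. Which exact keys this sample queries is an assumption, as is the list of VM marker strings. It does not exercise the NtSetInformationThreadHideFromDebugger call, which is a per-thread anti-debug measure rather than a registry check.

```powershell
# Added example, not from the Triage report or the sample: audit an analysis VM
# for the registry artifacts behind the evasion signatures above. The exact values
# this sample reads are not on the page; these keys and the marker list are assumptions.
$VmMarkers = 'VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN', 'HYPER-V', 'KVM'

function Get-BiosArtifacts {
    # "Checks BIOS information in registry": BIOS version strings under HARDWARE\DESCRIPTION\System.
    $key = 'HKLM:\HARDWARE\DESCRIPTION\System'
    foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $text  = ($value -join ' ')   # REG_MULTI_SZ values come back as string[]
        [pscustomobject]@{
            Check   = "BIOS\$name"
            Flagged = [bool]($VmMarkers | Where-Object { $text -match $_ })
            Value   = $text
        }
    }
}

function Get-AcpiArtifacts {
    # "Identifies VirtualBox via ACPI registry values": VirtualBox tags its ACPI tables with the
    # OEM ID VBOX__, which shows up as a subkey under each table in HARDWARE\ACPI.
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $subkeys = @(Get-ChildItem -Path "HKLM:\HARDWARE\ACPI\$table" -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty PSChildName)
        [pscustomobject]@{
            Check   = "ACPI\$table"
            Flagged = [bool]($subkeys | Where-Object { $_ -match 'VBOX' })
            Value   = ($subkeys -join ', ')
        }
    }
}

function Get-WineArtifacts {
    # "Identifies Wine through registry keys": Wine populates Software\Wine, which real Windows lacks.
    foreach ($path in 'HKCU:\Software\Wine', 'HKLM:\Software\Wine') {
        $present = Test-Path -Path $path
        $state   = @('absent', 'present')[[int]$present]
        [pscustomobject]@{
            Check   = $path
            Flagged = $present
            Value   = $state
        }
    }
}

$results = @(Get-BiosArtifacts) + @(Get-AcpiArtifacts) + @(Get-WineArtifacts)
$results | Format-Table Check, Flagged, Value -AutoSize
if ($results.Flagged -contains $true) {
    Write-Warning 'This VM exposes artifacts the sample checks for; expect it to abort or change behaviour here.'
}
```

Run it inside the VM before detonation. A flagged BIOS or ACPI entry usually means the hypervisor's default firmware strings are visible; hiding them is a hypervisor-side change (for VirtualBox, the VBoxInternal/Devices DMI and ACPI settings), not something the guest can fix on its own.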