General
Target: 04846dc5508416f587d93cf835520d8a.bin
Size: 2.1MB
Sample: 240415-bcnfcsac42
MD5: cdcf73aff24ec015ecd2f02d0f3582c0
SHA1: 669718307c72bbf810ae1b20135137855ed493a5
SHA256: 1f4c0ffe6a465dc997b31c9e15c9706caf6e2c712ef219e3137fbb03586d3dbf
SHA512: e6a8fb7ae4fc68dab9d80373747db9490769b417be26432fd06afd7bcebeb795792b11702064b8cac42fcf11f7f0dbfd0f8900dc5ac0cf353c4cc7ddf3190cf2
SSDEEP: 49152:k2lnw6H/qQCd03RJrwCPowYI3XhgfsKasHQreKb3rsG0PU:k2a6H/5wIRJowQfshQQeKspPU
Static task: static1
Behavioral task: behavioral1
Sample: 4c83fa749481d0d8549034facf59317f713674625c990e83dcb6ec3e00fc2447.exe
Resource: win7-20240221-en
Malware Config
Extracted: risepro
147.45.47.93:58709
Targets
Target: 4c83fa749481d0d8549034facf59317f713674625c990e83dcb6ec3e00fc2447.exe
Size: 2.2MB
MD5: 04846dc5508416f587d93cf835520d8a
SHA1: a3208669e2ada3896567d0acb07fc29ff68c3358
SHA256: 4c83fa749481d0d8549034facf59317f713674625c990e83dcb6ec3e00fc2447
SHA512: e9110a82691a7ac800f6d93d2aff96c5ed0f768dce29e4d8df99ce48515ef45a25d4843d3c97f3e9814c03406fea1fcf5d601b276139a870f1241c645e21812e
SSDEEP: 49152:PSUl6vD5DxN6HHLJFwkXeUND1XvwRpJrI1BblT6j/WHt12fdDD:PSSwD5DxkSgwJrI1QIT2fdDD
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger