General
Target: 49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081.exe
Size: 2.1MB
Sample: 240415-bg88madb9y
MD5: 89227af5a4e508046dba0f2379366f24
SHA1: dcfbc380cc4b8749a0122f3f6e6f05a9ffaa5597
SHA256: 49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081
SHA512: 01dfba70a35f591850a7c37ded5ec7ca145fa436f9a98ebc1a45588147365aec1b55cc1f8180b1ed35d56278a94b37ec355a7134c2ecfff878e7389ef4aa2cdd
SSDEEP: 49152:1SUl6vD5DxN6HHLJFwvvPMLOVNdtH5v3dHd0mQE4tN0y6a24:1SSwD5DxksPEO7FZ2PtNj6a24
Static task: static1
Behavioral task: behavioral1
Sample: 49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081.exe
Resource: win7-20240221-en
Malware Config
Extracted: risepro
C2: 147.45.47.93:58709
Targets
Target: 49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081.exe (hashes and size as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger