General
Target: 24f93bc40d2311c39b1253e857fb2655.bin
Size: 2.1MB
Sample: 240415-bgqfhsdb7v
MD5: b0701dfe00ee04c1c16b2797f123a048
SHA1: af43d791c4a8bed8116788a7aa55d80a3c21a3a2
SHA256: 31ce7dbb2477685616277ef855ee8998385420c747c6a0c676e76c3ba92c8698
SHA512: 89c4a8c074a8109b4e332883f641a3cbc5eee6efe455de75d5fe3602afa0cfb6cd13dff55a2460096d63b17a5476fd2648f9c91a4b5c3be3eca842cbf841845b
SSDEEP: 49152:VhZY5fi+gWeXc9QUUcuNa7Fs4MUVdAnqEeLhnwH1O7cn8Ler5LzVvsVNFp1Y2I:2f0WeXMUb7JqEe+HWA8LOBvsV3I
Static task: static1
Behavioral task: behavioral1
Sample: 8ff46cb27c8e2d709b0c058e59f0afbad9615eab9dbf17060260d7e68a91e212.exe
Resource: win7-20240220-en

Malware Config
Extracted: risepro
147.45.47.93:58709
Targets
Target: 8ff46cb27c8e2d709b0c058e59f0afbad9615eab9dbf17060260d7e68a91e212.exe
Size: 2.1MB
MD5: 24f93bc40d2311c39b1253e857fb2655
SHA1: 7b48993bc668e04664d907cecce81e9f4abf69f4
SHA256: 8ff46cb27c8e2d709b0c058e59f0afbad9615eab9dbf17060260d7e68a91e212
SHA512: 1e2b93556b71eea8080cc651eb6cd13fbef89a90ab5fd13181ecf71a30f2ab5e48b02d374572794727c2df80a4bcd5962624ff721708632d109059d3baf3296c
SSDEEP: 49152:ZSUl6vD5DxN6HHLJFwA0CPy/rvZ46H1SJFYPukYC034vYoTD/:ZSSwD5DxkJyTvZ46HEJ6WkYRCpT

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger