General
-
Target
484f30ebec6067f2fa8469d481894ebd.bin
-
Size
2.1MB
-
Sample
240415-blfrwadd3s
-
MD5
8d46ea14cb6fa59b3f9dfdc2a132a7b2
-
SHA1
c7877c9dadcc79c6df14da1f19c78e15d9270aa0
-
SHA256
f75775a02a17dd99947b3d245f69788e1963511eb278d847f81394f4f9c7baa4
-
SHA512
13b84bb5c38571d6a7f12e5a25bb0b363ab7f6162b38aaf647be18526a09232c2e43a61186414aa3fa44b68051482b139a6d1fd0a2af11ccd4aadb293470e229
-
SSDEEP
49152:JEBYKrqNbGPhPBac37dvXRHiGZqezzjr08iExmgZg3:iBh2NbBodv9N7R3myg3
Static task
static1
Behavioral task
behavioral1
Sample
fb8f9844273ef9144bb4424bdbb468d9936adfbe82b068570881461d71ad636f.exe
Resource
win7-20240215-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
fb8f9844273ef9144bb4424bdbb468d9936adfbe82b068570881461d71ad636f.exe
-
Size
2.2MB
-
MD5
484f30ebec6067f2fa8469d481894ebd
-
SHA1
01bdba49aca219240dd2c2901550e605d0564f43
-
SHA256
fb8f9844273ef9144bb4424bdbb468d9936adfbe82b068570881461d71ad636f
-
SHA512
49a8be37dd338a43f6edcfdadcaaa130b1dcf73c54d273b62ed8ad23952da42940ac2171336c3fc7f6520aef99d8cf619ec6db3385912de46263a184a307fe6f
-
SSDEEP
49152:wSUl6vD5DxN6HHLJ9t9ZtmZWmmmR8GfwKDaJ78qEEkIzjbMc/nIjm7:wSSwD5DxkHzjs8GfwDNEW4c/B7
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-