General
- Target: 9f7586b19e779723513dc5dd122d78767e1148fc5f728535a5a61e5853283553.exe
- Size: 2.1MB
- Sample: 240415-bnst8aag36
- MD5: bff833e31e294ad1a723d433daf380fb
- SHA1: 8dbaf17cdbd02b2ff872b203c09351f8d3d4cf05
- SHA256: 9f7586b19e779723513dc5dd122d78767e1148fc5f728535a5a61e5853283553
- SHA512: dc67b48f442f552cc73a565f3021377eb4a58f417dbc207a9756e3fde9cb41a8f54c8ad370df7cf3c4d246b877764219d00bad6e0a09ef5f33f44dcd8d8fa4fd
- SSDEEP: 49152:0SUl6vD5DxN6HHLJFwIZjkWgHRW67w/0luPDAg/nqOApLrcDoD1a:0SSwD5Dxk3jOVBiDAcqOApLr6
Static task: static1
Behavioral task: behavioral1
- Sample: 9f7586b19e779723513dc5dd122d78767e1148fc5f728535a5a61e5853283553.exe
- Resource: win7-20231129-en
Malware Config
- Extracted: risepro
- 147.45.47.93:58709
Targets
- Target: 9f7586b19e779723513dc5dd122d78767e1148fc5f728535a5a61e5853283553.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger