General
-
Target
d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff.exe
-
Size
2.2MB
-
Sample
240415-br1z1aah52
-
MD5
3dd4ded8937cf515194fe34d4382d949
-
SHA1
a97cd2bfa68c4418cb4ae871a66dc9c4205b0da3
-
SHA256
d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff
-
SHA512
986f3d7b325b659800843e250390b775c0527e74b1250cf13fe36dfac82da9a74eb1eccd45de49d10040837dd516e08fb3fb21b39f9a246fc4bf6d467fa9da2c
-
SSDEEP
49152:XSUl6vD5DxN6HHLJ9tiOZSwyomaCju4Y7w4yQQ+G4hSGs:XSSwD5DxkMcfUu4YwQZGkds
Static task
static1
Behavioral task
behavioral1
Sample
d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff.exe
-
Size
2.2MB
-
MD5
3dd4ded8937cf515194fe34d4382d949
-
SHA1
a97cd2bfa68c4418cb4ae871a66dc9c4205b0da3
-
SHA256
d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff
-
SHA512
986f3d7b325b659800843e250390b775c0527e74b1250cf13fe36dfac82da9a74eb1eccd45de49d10040837dd516e08fb3fb21b39f9a246fc4bf6d467fa9da2c
-
SSDEEP
49152:XSUl6vD5DxN6HHLJ9tiOZSwyomaCju4Y7w4yQQ+G4hSGs:XSSwD5DxkMcfUu4YwQZGkds
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-