General

Target: 0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a
Size: 2.2MB
Sample: 240415-pl2w1aec98
MD5: 3e05d8293a1ce48cef6934688203c900
SHA1: 0a0e9bd11cb5c68dc844039a2561dbefd2869a12
SHA256: 0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a
SHA512: c47604f45b86e2fd08f672bec4755fdd800d832598dd89372ba84a0dd78cdf914991ecf499c0d490c90f1a87a90691568e1b8abc9671f93ffb9ae1c29ac6a00a
SSDEEP: 49152:zSUl6vD5DxN6HHLJ9t/HnxmFrBxM7ynRnyiFHiygCUAOywfWdc:zSSwD5DxkVHxm+yRnJHiVCUvFK
Static task: static1

Behavioral task: behavioral1
Sample: 0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral2
Sample: 0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a.exe
Resource: win11-20240412-en
Malware Config

Extracted
Family: risepro
C2: 147.45.47.93:58709
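The hashes and SSDEEP signature in the General section and the C2 endpoint extracted above are the indicators a responder takes away from this report. The script below is an added example (not part of the sandbox report or its tooling) that matches those indicators against local artifacts: it verifies a file's digests against the report per algorithm, parses the SSDEEP signature and applies ssdeep's block-size rule for when two signatures can be scored at all, and pulls connections to the extracted C2 out of a connection log. The indicator values are copied from the report; the connection-log lines, their `src=`/`dst=` format and the probe bytes are constructed for illustration.

```python
"""Match this report's indicators against local artifacts.

Added example, not part of the sandbox report. The digests, the SSDEEP
signature and the extracted RisePro C2 are copied from the report; the
connection-log lines and the probe bytes are constructed.
"""
import hashlib
import re

REPORT_HASHES = {
    "md5": "3e05d8293a1ce48cef6934688203c900",
    "sha1": "0a0e9bd11cb5c68dc844039a2561dbefd2869a12",
    "sha256": "0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a",
    "sha512": "c47604f45b86e2fd08f672bec4755fdd800d832598dd89372ba84a0dd78cdf914991ecf499c0d490c90f1a87a90691568e1b8abc9671f93ffb9ae1c29ac6a00a",
}
REPORT_SSDEEP = "49152:zSUl6vD5DxN6HHLJ9t/HnxmFrBxM7ynRnyiFHiygCUAOywfWdc:zSSwD5DxkVHxm+yRnJHiVCUvFK"
REPORT_C2 = ("147.45.47.93", 58709)


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists in a single pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare per algorithm so a single disagreeing digest stands out."""
    actual = file_hashes(data)
    return {name: actual[name] == digest.lower() for name, digest in expected.items()}


def parse_ssdeep(signature: str) -> tuple:
    """Split 'blocksize:chunk:double_chunk' as ssdeep prints it."""
    block_size, chunk, double_chunk = signature.split(":", 2)
    return int(block_size), chunk, double_chunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or exactly
    one doubling apart (it then compares the chunk of one against the
    double-chunk of the other); any other pair is reported as 0 unscored."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


# Destination field of the constructed log format below (assumed, not a standard).
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def c2_hits(log_lines, c2=REPORT_C2) -> list:
    """Return the connection-log lines whose destination is the extracted C2."""
    ip, port = c2
    hits = []
    for line in log_lines:
        m = DST_RE.search(line)
        if m and m.group("ip") == ip and int(m.group("port")) == port:
            hits.append(line)
    return hits


SAMPLE_CONN_LOG = [  # constructed lines in a generic firewall format, not from the report
    "2024-04-15T12:00:01Z src=10.0.0.5:49712 dst=147.45.47.93:58709 proto=tcp",
    "2024-04-15T12:00:02Z src=10.0.0.5:49713 dst=147.45.47.93:443 proto=tcp",
    "2024-04-15T12:00:03Z src=10.0.0.7:51000 dst=93.184.216.34:80 proto=tcp",
]

if __name__ == "__main__":
    probe = b"not the sample"  # constructed bytes; a real check reads the suspect file
    print("hash match per algorithm:", matches_report(probe))
    print("SSDEEP block size:", parse_ssdeep(REPORT_SSDEEP)[0])
    print("connections to C2:", c2_hits(SAMPLE_CONN_LOG))
```

Port matters as much as the address: the second log line reaches the same host on 443 and is deliberately not reported, because the extracted config names 58709 and the host may also serve unrelated traffic. A full SSDEEP similarity score still needs the ssdeep library; the block-size check only tells you whether a comparison is meaningful before you run it.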
Targets

Target: 0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose names carry the VBOX__ OEM prefix under HKLM\HARDWARE\ACPI, so looking them up is a cheap hypervisor check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging technique.
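The four signatures above are derived from what the sample did at the API level: which registry keys it opened or read and which thread information class it passed to NtSetInformationThread. The script below is an added example (not the sandbox's own signature engine) that re-derives those same four verdicts from an API-monitor trace, the kind a sandbox or a Frida hook produces. Sysmon is not a substitute here, since its registry events (12, 13, 14) cover create, set and rename but not reads. The trace lines, their `pid=`/`api=`/`key=` format and the process IDs are constructed for illustration; the registry paths and the 0x11 information class are documented Windows values.

```python
"""Re-derive this report's anti-analysis signatures from an API trace.

Added example, not the sandbox's own detection code. The trace lines are
constructed; the key paths and the ThreadHideFromDebugger class (0x11) are
documented Windows values.
"""
import re
from collections import defaultdict

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Registry paths behind the first three signatures, matched case-insensitively.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX__", re.I)
BIOS_INFO_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
WINE_RE = re.compile(r"^HK(LM|CU)\\Software\\Wine", re.I)
REGISTRY_READ_APIS = ("regopenkey", "regqueryvalue", "ntopenkey", "ntqueryvaluekey")
THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_event(line: str) -> dict:
    """Turn 'k=v k2="v 2"' into a dict; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}


def _norm_key(key: str) -> str:
    """Collapse long hive names so one pattern covers both spellings."""
    for long, short in HIVE_ALIASES.items():
        if key.upper().startswith(long):
            return short + key[len(long):]
    return key


def _reads_key(ev: dict, pattern) -> bool:
    api = ev.get("api", "").lower()
    return api.startswith(REGISTRY_READ_APIS) and bool(pattern.match(_norm_key(ev.get("key", ""))))


def _hides_from_debugger(ev: dict) -> bool:
    if ev.get("api") != "NtSetInformationThread":
        return False
    try:
        return int(ev.get("class", ""), 0) == THREAD_HIDE_FROM_DEBUGGER
    except ValueError:
        return False


SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", lambda ev: _reads_key(ev, VBOX_ACPI_RE)),
    ("Checks BIOS information in registry", lambda ev: _reads_key(ev, BIOS_INFO_RE)),
    ("Identifies Wine through registry keys", lambda ev: _reads_key(ev, WINE_RE)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", _hides_from_debugger),
]


def analyze(trace_lines) -> dict:
    """Map each pid to the sorted list of signature names its events triggered."""
    fired = defaultdict(set)
    for line in trace_lines:
        ev = parse_event(line)
        for name, predicate in SIGNATURES:
            if predicate(ev):
                fired[ev.get("pid", "?")].add(name)
    return {pid: sorted(names) for pid, names in fired.items()}


SAMPLE_TRACE = [  # constructed, not taken from the report; 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND
    r"pid=4172 api=RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__ status=0xC0000034",
    r"pid=4172 api=RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System\BIOS value=SystemManufacturer",
    r"pid=4172 api=RegOpenKeyExW key=HKEY_CURRENT_USER\Software\Wine status=0xC0000034",
    r"pid=4172 api=NtSetInformationThread handle=0xfffffffe class=0x11",
    r"pid=5208 api=RegQueryValueExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=Updater",
    r"pid=5208 api=NtSetInformationThread handle=0x2a4 class=0x9",
]

if __name__ == "__main__":
    for pid, names in analyze(SAMPLE_TRACE).items():
        print(pid, *names, sep="\n  ")
```

Note that the VirtualBox and Wine lookups in the constructed trace fail with STATUS_OBJECT_NAME_NOT_FOUND and still fire: the signature is about the question being asked, not the answer, which is also why a hardened sandbox hides these keys rather than relying on the sample giving up. The second process reads a Run key and sets a different thread information class (0x9), and correctly triggers nothing.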