General
-
Target
bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e
-
Size
2.1MB
-
Sample
240415-y7y7nsfd58
-
MD5
905e43cade568907aaf2e0f0d43769b0
-
SHA1
5d6088097b8dc5919d825691ab2e8da74798deb1
-
SHA256
bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e
-
SHA512
30ebd7e1e2eb844ff76f10e54ee5f3c835dad1912b9a5f01b94e605d157f09ed149a87ddb06b7cf9c497c0ad72a0ff2d4d2bb07130c8aa4d17bbe03007899ecb
-
SSDEEP
49152:xSUl6vD5DxN6HHLJ9tul7GW+uAmWThJZqeuFwh04uUxpS5Ad/F3CpDA9cd:xSSwD5Dxkg7G6+ThJZqeua4OpzsDAO
Static task
static1
Behavioral task
behavioral1
Sample
bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e
-
Size
2.1MB
-
MD5
905e43cade568907aaf2e0f0d43769b0
-
SHA1
5d6088097b8dc5919d825691ab2e8da74798deb1
-
SHA256
bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e
-
SHA512
30ebd7e1e2eb844ff76f10e54ee5f3c835dad1912b9a5f01b94e605d157f09ed149a87ddb06b7cf9c497c0ad72a0ff2d4d2bb07130c8aa4d17bbe03007899ecb
-
SSDEEP
49152:xSUl6vD5DxN6HHLJ9tul7GW+uAmWThJZqeuFwh04uUxpS5Ad/F3CpDA9cd:xSSwD5Dxkg7G6+ThJZqeua4OpzsDAO
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-