General
-
Target
a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f
-
Size
8.6MB
-
Sample
240425-2cnz1aga28
-
MD5
c49a9a589af8da0d09c69670b2579ab9
-
SHA1
51a936428711d9bd1307ffd3e75436a0e4568eb2
-
SHA256
a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f
-
SHA512
4dcd6ca8c62466f18564e2b5b068238769603df2624b9b39d0f11aa7ff643bd09a51a2a16252c31b1b4ad8d0577ab8d8d9d91e93fdfa886121c37801788bd78c
-
SSDEEP
196608:aOVNWi1IoE6S5MBjgluihHc4+oueCxQ/sfA84JmQGOVDm2:aOVwim8S5MykihHcYueCxQIA84JfLDm2
Static task
static1
Behavioral task
behavioral1
Sample
a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f.exe
Resource
win7-20240220-en
Malware Config
Extracted
risepro
193.233.132.226:50500
Targets
-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-