General
-
Target
862d51d6ab9978ce28831e497e907c7bbf6299608b8eee8762e24e1f6f9fb842
-
Size
4.0MB
-
Sample
240425-dpbcnsee3v
-
MD5
8ef58d3665cd21e2671545d91b2881a4
-
SHA1
e71d6af156fe081992760eddd57383e94907549b
-
SHA256
862d51d6ab9978ce28831e497e907c7bbf6299608b8eee8762e24e1f6f9fb842
-
SHA512
4711111830475c1c69d604b3ff13b57121d880ea266e84b6f8fd455994ff811943660ae27e87617b90218a4880ae4aeddda856e3562002271c110bdf5ccf4425
-
SSDEEP
98304:IUaFXrkPajvvCl0Sf/nkNGs+r8dTF3uZhRffKue:datkijeffgGsWMTRuzRHKN
Static task
static1
Behavioral task
behavioral1
Sample
862d51d6ab9978ce28831e497e907c7bbf6299608b8eee8762e24e1f6f9fb842.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
193.233.132.253:50500
Targets
-
-
Target
862d51d6ab9978ce28831e497e907c7bbf6299608b8eee8762e24e1f6f9fb842
-
Size
4.0MB
-
MD5
8ef58d3665cd21e2671545d91b2881a4
-
SHA1
e71d6af156fe081992760eddd57383e94907549b
-
SHA256
862d51d6ab9978ce28831e497e907c7bbf6299608b8eee8762e24e1f6f9fb842
-
SHA512
4711111830475c1c69d604b3ff13b57121d880ea266e84b6f8fd455994ff811943660ae27e87617b90218a4880ae4aeddda856e3562002271c110bdf5ccf4425
-
SSDEEP
98304:IUaFXrkPajvvCl0Sf/nkNGs+r8dTF3uZhRffKue:datkijeffgGsWMTRuzRHKN
-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-