General
-
Target
Rise_Free (1).exe
-
Size
45.1MB
-
Sample
240428-jvx2hsbe3x
-
MD5
d720fb4ee7c14ae624f15d96920f97d2
-
SHA1
4637d6513a9367edc59e51e8807e6906719f05bc
-
SHA256
1f22f525af4d352ad5c47d5e0ae74dedd05951ae7609160b0edb32d77a395d2b
-
SHA512
df4a67d63afe0efbd9a87e42d30489d5c0bdc0d87004bc7c8941db79ea69b63ee5b0476056a2cf01524d1c10d6f1a1c4850d16db840d6942ecb71afe00391d8c
-
SSDEEP
786432:xxiSh28Bqg3d4Sbz703QVj8shVuggyVmBhAGXkfRveGBW/SjF7Gk34tN3IlU1NmP:ogqfSbf03QVrruxyV0hArriSjIBIlU1w
Malware Config
Targets
-
-
Target
Rise_Free (1).exe
-
Size
45.1MB
-
MD5
d720fb4ee7c14ae624f15d96920f97d2
-
SHA1
4637d6513a9367edc59e51e8807e6906719f05bc
-
SHA256
1f22f525af4d352ad5c47d5e0ae74dedd05951ae7609160b0edb32d77a395d2b
-
SHA512
df4a67d63afe0efbd9a87e42d30489d5c0bdc0d87004bc7c8941db79ea69b63ee5b0476056a2cf01524d1c10d6f1a1c4850d16db840d6942ecb71afe00391d8c
-
SSDEEP
786432:xxiSh28Bqg3d4Sbz703QVj8shVuggyVmBhAGXkfRveGBW/SjF7Gk34tN3IlU1NmP:ogqfSbf03QVrruxyV0hArriSjIBIlU1w
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Rise_Free.pyc
-
Size
101KB
-
MD5
c8ef4f4866314cf04805616999bf28f3
-
SHA1
4300cafcf698f502df7cc6cf6db5f18aa47bb6a3
-
SHA256
a3f7fc958c18665799886b5d7a91926f40b5d2f041ca8443a0af109708f2d486
-
SHA512
a23bd674abbca0ba2ed004a08a078b8f1320f104ad1a66813d56914ad9a686051d19728af3a7d22baad19e83b8de59d2ccbb7a85e010945806f28cb20b1fde29
-
SSDEEP
3072:vwtMc0VzehKP5A+7wcBiz5okJdP/aRD6/BzanYMzJZ:otMvme5B7DYzWsHa05zyYQ3
Score3/10 -