General
Target: b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703
Size: 2.3MB
Sample: 240603-gpgfgafb47
MD5: 1dd5b91d8b33ad3f5f630bc2866c06de
SHA1: 1b3e3981c34b5843fbc6a923811acd2177e0b66f
SHA256: b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703
SHA512: 6580018dd28a4bc19f60fb0f282e49e9e3b0021d118b73d26791f7ae783a79923c2789a347fec0c44bf458642acb80d6223e1f694978a0513d754cf3ee75a07d
SSDEEP: 49152:fYw4Y8sCtxe3QO/Xg33B7qI0ag2qYPV1cD4kiGXt6R/VZR9sfA:fYw4Y8sCO/iBOD9SckkiGXtw/XR9s
Static task: static1
Behavioral task: behavioral1
Sample: b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703.exe
Resource: win7-20240221-en

Malware Config
Extracted: risepro
147.45.47.126:58709
Targets
Target: b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703
Size: 2.3MB
MD5: 1dd5b91d8b33ad3f5f630bc2866c06de
SHA1: 1b3e3981c34b5843fbc6a923811acd2177e0b66f
SHA256: b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703
SHA512: 6580018dd28a4bc19f60fb0f282e49e9e3b0021d118b73d26791f7ae783a79923c2789a347fec0c44bf458642acb80d6223e1f694978a0513d754cf3ee75a07d
SSDEEP: 49152:fYw4Y8sCtxe3QO/Xg33B7qI0ag2qYPV1cD4kiGXt6R/VZR9sfA:fYw4Y8sCO/iBOD9SckkiGXtw/XR9s
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger