General
Target: bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d
Size: 2.3MB
Sample: 240603-gsxa4afc65
MD5: 0d02928aece928e87c0ad6ec550e37ac
SHA1: ca9b875454b9cfe1bd468ccbffffec234f94fda7
SHA256: bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d
SHA512: 72c191d5ba4065f35f4c483bf46f59184970ae5782d92e5185a351dc0b41190341cbb3bb639c24a05a2abe05c9a63e5d37a0ce67ff8b519f49c669675fc23d25
SSDEEP: 49152:TDPteS+V8l4tCgYsqfPMZV5Ae9QituLSf54yfSrw0bO2/aLDYj7w:1V+V8KtCgViPMZjQiseCc0S/LDY/w
Static task: static1
Behavioral task: behavioral1
  Sample: bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d.exe
  Resource: win10-20240404-en
Malware Config
Extracted
Family: risepro
C2: 147.45.47.126:58709
Targets
Target: bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger