General
Target: 01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3.exe
Size: 2.3MB
Sample: 250318-1l4ldaslt4
MD5: d9615368a7ba5bb0c15e398f4097dc1f
SHA1: bc747bc86fed777358b2c71a8ea95f7ccbf3e5a4
SHA256: 01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3
SHA512: 1b592a7a2034f881b86e7103c4fde9aed0a2095ee6e28bc61a7ff454c9ae0716a95b43785497a627e3cc66cccb6b338f4e832acdd69b0fdddb2c88f05aa73cd3
SSDEEP: 49152:xTs9zpYo556eURBCDd/BP1+zX3ympAGBnEl6U8/j/SIGzgnUjQ58IkUC4:x49SoqrRBClh1+znnBd77lPO
Static task: static1
Behavioral task: behavioral1
Sample: 01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3.exe
Resource: win10v2004-20250314-en
Malware Config
Extracted family: risepro
C2: 147.45.47.126:58709
Targets
Target: 01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3.exe (2.3MB; hashes as listed under General)
Score: 10/10
Signatures:
- Risepro family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger