General
Target: a84bfb4e378224cce70975bcfc0e3dd82ee09fc107d8e1f697ec99bf4e778858.exe
Size: 3.3MB
Sample: 250318-hvmecazmv2
MD5: d5a654fb53d2bd2d39840e81f7725bf9
SHA1: 49e0cceac03cf02564ae0100c0b5b98e36555f10
SHA256: a84bfb4e378224cce70975bcfc0e3dd82ee09fc107d8e1f697ec99bf4e778858
SHA512: 0eed8c1ae671c0b954a9a3fc37f98140db19a537881a0ac2437dc9e3b091cb31f0bf34f137f55fc6a830d64014c7914cc37a281ef0df012344c419d3e25e9ca3
SSDEEP: 98304:FvRJedU3DGLDZUEi/pQoTFYYoPRmxxWmPH:FvIgDGHvUbTfoYOmv
Behavioral task: behavioral1
Sample: a84bfb4e378224cce70975bcfc0e3dd82ee09fc107d8e1f697ec99bf4e778858.exe
Resource: win7-20250207-en

Malware Config
Extracted: risepro, 5.42.65.117:50500
Targets
Target: a84bfb4e378224cce70975bcfc0e3dd82ee09fc107d8e1f697ec99bf4e778858.exe (size and hashes as listed under General)
- Risepro family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger