General
-
Target
bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b.exe
-
Size
2.3MB
-
Sample
250318-jwshes1ls6
-
MD5
d91d9163b04688bb52599103b3a75271
-
SHA1
cd2f8d71a2653940fab74f0cbf42169197dc0f6b
-
SHA256
bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b
-
SHA512
e372f89907291b1f6f9bc0c2ccfdf5afcc60578017a55edf02199c5a8d6985b79dcb7d126ac85379f29a95a959bdd0a781115916ce564e6c2bfa077dfe50c89f
-
SSDEEP
49152:hSUl6vD5DxN6HHLJ9tMlVaR/DHIK8h/wWGpJ0+sSzepQPsdryd:hSSwD5Dxk19DoIpy+sSzepVE
Static task
static1
Behavioral task
behavioral1
Sample
bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b.exe
Resource
win10v2004-20250314-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b.exe
-
Size
2.3MB
-
MD5
d91d9163b04688bb52599103b3a75271
-
SHA1
cd2f8d71a2653940fab74f0cbf42169197dc0f6b
-
SHA256
bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b
-
SHA512
e372f89907291b1f6f9bc0c2ccfdf5afcc60578017a55edf02199c5a8d6985b79dcb7d126ac85379f29a95a959bdd0a781115916ce564e6c2bfa077dfe50c89f
-
SSDEEP
49152:hSUl6vD5DxN6HHLJ9tMlVaR/DHIK8h/wWGpJ0+sSzepQPsdryd:hSSwD5Dxk19DoIpy+sSzepVE
Score10/10-
Risepro family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-