General

Target: da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe
Size: 2.2 MB
Sample: 250318-k3cwzsyvgv
MD5: dee688451dfcd52d620e8c8201a7a5bc
SHA1: 4f798d70892251af7c0e31ca56f79abd7252ceff
SHA256: da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff
SHA512: ac17271ba35741b93486a4f7492738e3742dc8308b63b7af0ec6c484c7b5ba1dca346c05e0e907a417553f0a7b8a3137d2b1fe3f79b85b4549a2d6f897c88a33
SSDEEP: 49152:oSUl6vD5DxN6HHLJ9tLb69B7Bz6rmPxwg9c7SEDkVz1ZYL+sZL:oSSwD5Dxk56j7B2rmPxwXXDkVzUnL
Static task: static1

Behavioral task: behavioral1
  Sample: da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe
  Resource: win10v2004-20250314-en
Malware Config

Extracted
  Family: risepro
  C2: 147.45.47.93:58709
Targets

Target: da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe
Size: 2.2 MB
MD5: dee688451dfcd52d620e8c8201a7a5bc
SHA1: 4f798d70892251af7c0e31ca56f79abd7252ceff
SHA256: da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff
SHA512: ac17271ba35741b93486a4f7492738e3742dc8308b63b7af0ec6c484c7b5ba1dca346c05e0e907a417553f0a7b8a3137d2b1fe3f79b85b4549a2d6f897c88a33
SSDEEP: 49152:oSUl6vD5DxN6HHLJ9tLb69B7Bz6rmPxwg9c7SEDkVz1ZYL+sZL:oSSwD5Dxk56j7B2rmPxwXXDkVzUnL
Score: 10/10

Signatures
- Risepro family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose registry entries carry a VBOX identifier; reading them is a common VM check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, so exceptions and breakpoints raised in that thread are no longer delivered to it (anti-debugging).
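As an added example (not part of the sandbox report, and not RisePro's or the sandbox's own code), the script below turns the registry-based evasion signatures above, plus the C2 address from the extracted config, into detection logic and runs it over constructed Procmon-style CSV lines. The registry paths each signature is assumed to key on (the VBOX__ ACPI tables, SystemBiosVersion/VideoBiosVersion/SystemBiosDate, and Software\Wine) are assumptions: the report names the signatures but not the paths they match. The ThreadHideFromDebugger call is not visible in Procmon output and is not covered here. Note that a failed lookup ("NAME NOT FOUND") is still a hit: the probe itself is the evasion signal, not its result.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a Procmon CSV export (not taken from the report).
# Columns: Time of Day, Process Name, PID, Operation, Path, Result.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result"
"10:01:02.1","sample.exe","4120","RegOpenKey","HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__","NAME NOT FOUND"
"10:01:02.2","sample.exe","4120","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS"
"10:01:02.3","sample.exe","4120","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion","SUCCESS"
"10:01:02.4","sample.exe","4120","RegOpenKey","HKCU\\Software\\Wine","NAME NOT FOUND"
"10:01:02.5","explorer.exe","1234","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS"
"10:01:03.0","sample.exe","4120","TCP Connect","10.0.0.5:49812 -> 147.45.47.93:58709","SUCCESS"
"""

# Registry paths the report's signatures are assumed to match (assumption: the
# report lists the signature names, not the exact paths behind them).
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HK(LM|CU)\\Software\\Wine($|\\)", re.I)),
]

# Destination "ip:port" at the end of a Procmon TCP Connect path.
C2_PATTERN = re.compile(r"-> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")
# C2 endpoint from the extracted RisePro config on this page.
C2_FROM_REPORT = {("147.45.47.93", "58709")}
C2_SIGNATURE = "Connects to RisePro C2 from extracted config"


def scan_procmon_csv(text):
    """Map each process ("name:pid") to the sorted signature names it triggered."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        proc = f'{row["Process Name"]}:{row["PID"]}'
        op, path = row["Operation"], row["Path"]
        if op.startswith("Reg"):
            # Any registry access to a probed path counts; the Result column is
            # irrelevant because a sandbox check is the access attempt itself.
            for name, pattern in REGISTRY_SIGNATURES:
                if pattern.search(path):
                    hits[proc].add(name)
        elif op == "TCP Connect":
            m = C2_PATTERN.search(path)
            if m and (m.group(1), m.group(2)) in C2_FROM_REPORT:
                hits[proc].add(C2_SIGNATURE)
    return {proc: sorted(names) for proc, names in hits.items()}


def evasive_processes(hits, min_signatures=2):
    """Processes that triggered at least `min_signatures` registry evasion checks."""
    evasion_names = {name for name, _ in REGISTRY_SIGNATURES}
    return sorted(proc for proc, names in hits.items()
                  if len(evasion_names.intersection(names)) >= min_signatures)


if __name__ == "__main__":
    results = scan_procmon_csv(SAMPLE_PROCMON_CSV)
    for proc, names in results.items():
        print(proc)
        for name in names:
            print("  -", name)
    print("evasive:", evasive_processes(results))
```

Run against a real Procmon export filtered to the sample's process tree; the Explorer line in the constructed input shows that ordinary registry traffic from other processes does not trip the rules.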