General
-
Target
ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
-
Size
2.4MB
-
Sample
250318-kffpcs1py3
-
MD5
4a36fa7c0ccbc6842c541a6439ab545a
-
SHA1
9257009dd59ac4db2518293bcd46be058d937284
-
SHA256
ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
-
SHA512
13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
-
SSDEEP
49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW
Behavioral task
behavioral1
Sample
ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
Resource
win7-20240903-en
Malware Config
Extracted
risepro
193.233.132.253:50500
Targets
-
-
Target
ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
-
Size
2.4MB
-
MD5
4a36fa7c0ccbc6842c541a6439ab545a
-
SHA1
9257009dd59ac4db2518293bcd46be058d937284
-
SHA256
ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
-
SHA512
13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
-
SSDEEP
49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW
-
Risepro family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-