General
-
Target
f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe
-
Size
2.2MB
-
Sample
250318-l79xyszvgz
-
MD5
685b3fe3cadb30d9b4a70689c13b7aa8
-
SHA1
50c048e1304a634dc5a293d3b37499516fc646d3
-
SHA256
f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580
-
SHA512
3cb32ce1809fddd56240d387d249ad261233136589b8458ebe292fa9ecc63d59e09351958d95af278a43f570f63bc91cfe7603ba061b915b21d17618ea98d91e
-
SSDEEP
49152:bSUl6vD5DxN6HHLJ9tuk1rX4XqjgoF0qe0J+jgKXM:bSSwD5Dxk3X4Xq30qe0J+jgj
Static task
static1
Behavioral task
behavioral1
Sample
f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe
Resource
win10v2004-20250314-en
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe
-
Size
2.2MB
-
MD5
685b3fe3cadb30d9b4a70689c13b7aa8
-
SHA1
50c048e1304a634dc5a293d3b37499516fc646d3
-
SHA256
f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580
-
SHA512
3cb32ce1809fddd56240d387d249ad261233136589b8458ebe292fa9ecc63d59e09351958d95af278a43f570f63bc91cfe7603ba061b915b21d17618ea98d91e
-
SSDEEP
49152:bSUl6vD5DxN6HHLJ9tuk1rX4XqjgoF0qe0J+jgKXM:bSSwD5Dxk3X4Xq30qe0J+jgj
Score10/10-
Risepro family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-