General
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.29400.26192
-
Size
2.2MB
-
Sample
240128-t3qyaadeh4
-
MD5
9980911c88c9b12438d3a67bb5635ed8
-
SHA1
2ca895e743cbda59620ea773bda258a5e6bba95b
-
SHA256
c73ade9f1fcbb5f4f6494b896f40ac1f5ea17f12a2695d1e54dc247ce4dc6653
-
SHA512
c94a6b0d02ba365cf58f7d1074ed0bbfe9ac15d1cb9d1c12c0515599555f927ff3f320a0a17df47ff6276d734e533c981d62eada372a419716d2d36f5d38884b
-
SSDEEP
49152:RxL7uZYMTZrpk2agpEnLI12U9lWXuKktkru7sWd30MCwFgrEUF:c/rpk2hpmLI1X+dkKss80DwFgrE
Malware Config
Extracted
risepro
193.233.132.62:50500
Targets
-
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.29400.26192
-
Size
2.2MB
-
MD5
9980911c88c9b12438d3a67bb5635ed8
-
SHA1
2ca895e743cbda59620ea773bda258a5e6bba95b
-
SHA256
c73ade9f1fcbb5f4f6494b896f40ac1f5ea17f12a2695d1e54dc247ce4dc6653
-
SHA512
c94a6b0d02ba365cf58f7d1074ed0bbfe9ac15d1cb9d1c12c0515599555f927ff3f320a0a17df47ff6276d734e533c981d62eada372a419716d2d36f5d38884b
-
SSDEEP
49152:RxL7uZYMTZrpk2agpEnLI12U9lWXuKktkru7sWd30MCwFgrEUF:c/rpk2hpmLI1X+dkKss80DwFgrE
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-