General
-
Target
708bf4d2f784b9e25e1caece1f22232fabb32c47e1f9a132a0ec68ed099fd43e.exe
-
Size
2.3MB
-
Sample
240212-e1dslshd3v
-
MD5
376234ed7dd25232be87595323cf48a7
-
SHA1
e7a613f538b2b85e6d9a622d921dd1c4d5955a47
-
SHA256
708bf4d2f784b9e25e1caece1f22232fabb32c47e1f9a132a0ec68ed099fd43e
-
SHA512
bc75d7d26cd53ffdefb9463fb70ae2889d101e5eadc0efc548a1be36aa2b9072fff86d624ab87e7c49f21198fdf31e41049467a0641a031536e8246019bdc7b1
-
SSDEEP
49152:xkk1vD1U/BxhHl3jCSQ9I16lzJsYmWoweYn7jhf/sk:xl1vhU/BPJjCSD6v3oweY7jx/sk
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
708bf4d2f784b9e25e1caece1f22232fabb32c47e1f9a132a0ec68ed099fd43e.exe
-
Size
2.3MB
-
MD5
376234ed7dd25232be87595323cf48a7
-
SHA1
e7a613f538b2b85e6d9a622d921dd1c4d5955a47
-
SHA256
708bf4d2f784b9e25e1caece1f22232fabb32c47e1f9a132a0ec68ed099fd43e
-
SHA512
bc75d7d26cd53ffdefb9463fb70ae2889d101e5eadc0efc548a1be36aa2b9072fff86d624ab87e7c49f21198fdf31e41049467a0641a031536e8246019bdc7b1
-
SSDEEP
49152:xkk1vD1U/BxhHl3jCSQ9I16lzJsYmWoweYn7jhf/sk:xl1vhU/BPJjCSD6v3oweY7jx/sk
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-