General
-
Target
SecuriteInfo.com.Trojan.Siggen26.6766.21437.6924.exe
-
Size
2.3MB
-
Sample
240212-w9fr1acf46
-
MD5
90b40bd21458b6a592353a7c0e182a5a
-
SHA1
d14bf66b8906be138ce16f97bcd59a776c24af80
-
SHA256
85921a34eafde944db53e7c6fa6ef51e939156fe434432e129bc29a4fc2afef9
-
SHA512
08703091ddfe7e61e4a7221b2f0d61ef27f004380a234f409668a5df0e87a656305d5f060db4c21c01106c94bd0d6c2f2751ce6fa273eb5e36b4f3f04646572f
-
SSDEEP
49152:otNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:/CTy48CU+1VIJ0XO8uVm5/uGiH
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen26.6766.21437.6924.exe
-
Size
2.3MB
-
MD5
90b40bd21458b6a592353a7c0e182a5a
-
SHA1
d14bf66b8906be138ce16f97bcd59a776c24af80
-
SHA256
85921a34eafde944db53e7c6fa6ef51e939156fe434432e129bc29a4fc2afef9
-
SHA512
08703091ddfe7e61e4a7221b2f0d61ef27f004380a234f409668a5df0e87a656305d5f060db4c21c01106c94bd0d6c2f2751ce6fa273eb5e36b4f3f04646572f
-
SSDEEP
49152:otNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:/CTy48CU+1VIJ0XO8uVm5/uGiH
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-