risepro | 3aec2bcb76da203ec5e6c59b712a69a048b0b1da14d4234bf0ba700cf6c2ba0a | Triage

Sharing

General

Target

3aec2bcb76da203ec5e6c59b712a69a048b0b1da14d4234bf0ba700cf6c2ba0a.exe
Size

2.3MB
Sample

240213-dc7v4sec24
MD5

739edbbab87a6cad0eb66d08be2696af
SHA1

957fe870a6ab1afe50a92b290936935847519016
SHA256

3aec2bcb76da203ec5e6c59b712a69a048b0b1da14d4234bf0ba700cf6c2ba0a
SHA512

52cc23a46896cf502e3b9444eb10128ac276d72c741eade705a3a196cb4228ce709df3d40fd74e6f422ab9876296b570c11b21b908569e6e6d8e9c18bb586719
SSDEEP

49152:NJfOUhQenQZiiQrOrBg1qNGv0MsfshzejgkNVypVmm:7WIznQZiTrN1aMswkXy/mm

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Targets

- Target
  
  3aec2bcb76da203ec5e6c59b712a69a048b0b1da14d4234bf0ba700cf6c2ba0a.exe
- Size
  
  2.3MB
- MD5
  
  739edbbab87a6cad0eb66d08be2696af
- SHA1
  
  957fe870a6ab1afe50a92b290936935847519016
- SHA256
  
  3aec2bcb76da203ec5e6c59b712a69a048b0b1da14d4234bf0ba700cf6c2ba0a
- SHA512
  
  52cc23a46896cf502e3b9444eb10128ac276d72c741eade705a3a196cb4228ce709df3d40fd74e6f422ab9876296b570c11b21b908569e6e6d8e9c18bb586719
- SSDEEP
  
  49152:NJfOUhQenQZiiQrOrBg1qNGv0MsfshzejgkNVypVmm:7WIznQZiTrN1aMswkXy/mm
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer