General
-
Target
b59011f4f29f6cc7daf08ce24825c37adec3a20a91cd2e12ab2caa72349da14e.exe
-
Size
2.3MB
-
Sample
240213-fb6b1abc5x
-
MD5
39300d60c352533e0fc09615c4110af4
-
SHA1
d462d806241798d4c02f2f7296300812dd55eadf
-
SHA256
b59011f4f29f6cc7daf08ce24825c37adec3a20a91cd2e12ab2caa72349da14e
-
SHA512
8fec4312ef41b7603f4b88bfa5dc4226eb85e789e562e085e75393a4927475965a30e7cdcdbf38682c836e83fed9876300f7743c8e8d3f1af63a16b6b7699160
-
SSDEEP
49152:ctNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:jCTy48CU+1VIJ0XO8uVm5/uGiH
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
b59011f4f29f6cc7daf08ce24825c37adec3a20a91cd2e12ab2caa72349da14e.exe
-
Size
2.3MB
-
MD5
39300d60c352533e0fc09615c4110af4
-
SHA1
d462d806241798d4c02f2f7296300812dd55eadf
-
SHA256
b59011f4f29f6cc7daf08ce24825c37adec3a20a91cd2e12ab2caa72349da14e
-
SHA512
8fec4312ef41b7603f4b88bfa5dc4226eb85e789e562e085e75393a4927475965a30e7cdcdbf38682c836e83fed9876300f7743c8e8d3f1af63a16b6b7699160
-
SSDEEP
49152:ctNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:jCTy48CU+1VIJ0XO8uVm5/uGiH
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-