General
-
Target
53a16a54cd65ad8e847874c04650be749b0d1dbaf445bd165a75dae3b3fa1ff5
-
Size
2.2MB
-
Sample
240219-fev1fahg7x
-
MD5
ee2c71ac88164fd8e354c4edaeda0063
-
SHA1
06373aa249a1ab75d086ac323009a2a18cb9f805
-
SHA256
53a16a54cd65ad8e847874c04650be749b0d1dbaf445bd165a75dae3b3fa1ff5
-
SHA512
b189b025d52b025119038dabdc506b75684587f3aa3e0d480960835256931a1292fc3f3e5278c800bf3c07ce66e838cbd7480e47fb3b7d4683c02ae7a88d3995
-
SSDEEP
49152:9ezd0j0smY3seIDvGB3gUcMeDSpoJmkAGxgCjCIAb/2eYa4vTNRKHpG:Z0s/kG3xeDsEmkLxbjCRz2eZ47bKH
Malware Config
Extracted
risepro
193.233.132.62:50500
Targets
-
-
Target
53a16a54cd65ad8e847874c04650be749b0d1dbaf445bd165a75dae3b3fa1ff5
-
Size
2.2MB
-
MD5
ee2c71ac88164fd8e354c4edaeda0063
-
SHA1
06373aa249a1ab75d086ac323009a2a18cb9f805
-
SHA256
53a16a54cd65ad8e847874c04650be749b0d1dbaf445bd165a75dae3b3fa1ff5
-
SHA512
b189b025d52b025119038dabdc506b75684587f3aa3e0d480960835256931a1292fc3f3e5278c800bf3c07ce66e838cbd7480e47fb3b7d4683c02ae7a88d3995
-
SSDEEP
49152:9ezd0j0smY3seIDvGB3gUcMeDSpoJmkAGxgCjCIAb/2eYa4vTNRKHpG:Z0s/kG3xeDsEmkLxbjCRz2eZ47bKH
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-