General
-
Target
18afe832cedf8e9303f5fa9f4622292f.exe
-
Size
2.2MB
-
Sample
240221-cbjapahd4t
-
MD5
18afe832cedf8e9303f5fa9f4622292f
-
SHA1
9f900a625dc4967a24d258000f94db48fd881fec
-
SHA256
8a93fc1f94b6919a6776d6d0151d04a352d30a8743d58ff9090d3def3c2aa571
-
SHA512
6a594a73c8bf7cd0c9be6d7cfa737d1821efe521464b186c4e3821f0f4aa98aedb917341a31d3b1a21c669e1de1b5864de37f3e10fd04f9039d5d7b7c92ffdd7
-
SSDEEP
49152:gCr1vCbkuksx/7KSKp1GNuXah4WEYuld:tppuJx/7KSic8KhNk
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
18afe832cedf8e9303f5fa9f4622292f.exe
-
Size
2.2MB
-
MD5
18afe832cedf8e9303f5fa9f4622292f
-
SHA1
9f900a625dc4967a24d258000f94db48fd881fec
-
SHA256
8a93fc1f94b6919a6776d6d0151d04a352d30a8743d58ff9090d3def3c2aa571
-
SHA512
6a594a73c8bf7cd0c9be6d7cfa737d1821efe521464b186c4e3821f0f4aa98aedb917341a31d3b1a21c669e1de1b5864de37f3e10fd04f9039d5d7b7c92ffdd7
-
SSDEEP
49152:gCr1vCbkuksx/7KSKp1GNuXah4WEYuld:tppuJx/7KSic8KhNk
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-