General

  • Target

    db52264951dd101cdc12dcb44a96b92c

  • Size

    2.2MB

  • Sample

    240224-ntq9ssae86

  • MD5

    db52264951dd101cdc12dcb44a96b92c

  • SHA1

    8885591a142a5d57aeba1fa24ff88517e82c51ea

  • SHA256

    98ddd445f1b7ca25290ee7d802944f444dbcf319ba138212dc3e04653dcc6ab8

  • SHA512

    bcc85c4df3db54327b715059cf544890409551440b36e8383d5d650816135cfc472621268a979804f3620a48cdb2849f40465e777f72d0a0807994e0ea1fb6ef

  • SSDEEP

    49152:WO/W4bcxhRcerdjYzqjAwRSLNAuYoXezqj7ZRgcGYnxEhy:chXrdszqCLquJgGgcGYnGhy

Score
10/10

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
