General

  • Target

    47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d.exe

  • Size

    2.2MB

  • Sample

    240229-f3jmbafa6x

  • MD5

    3462e5905a1627fb9203326d5b059337

  • SHA1

    736dffa4658440b9d2991628117b8534b1374b11

  • SHA256

    47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d

  • SHA512

    73320915b9a90814d9cbcbdbc6f6056f86478b4c5f83ddeb39db5b702bd66aae19103fc2bf767d2b47786471a858269ede2ce0377cd4a7a96f8602e802e9bf63

  • SSDEEP

    49152:WjYehOISUSrMl6ge5g+3CqVTegLFAmJNFEUnf9k17wUW:WUeJS0z+3C2eenJMUnf92wUW

Score
10/10

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it is sometimes used as a sandboxing environment.

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger

      Setting the ThreadHideFromDebugger information class on a thread stops an attached debugger from receiving that thread's debug events, a common anti-debugging technique.
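The signatures above all reduce to a small set of observable artefacts: registry paths under HKLM\HARDWARE\ACPI\*\VBOX__, the BIOS version values under HKLM\HARDWARE\DESCRIPTION\System, the Software\Wine keys, an NtSetInformationThread call with information class 0x11, and a connection to the extracted C2 address. The following is an added example, not tria.ge's own code or the RisePro sample's code: it replays a constructed API trace (the record layout and field names are assumptions made for this example) and tags each record with the signature from this report that it would trip, which is the kind of check an analyst might reuse to confirm a sandbox is reproducing the behaviours listed here.

```python
"""Tag constructed API-trace records with the anti-analysis signatures
from this report. Added example; record format is an assumption."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# THREADINFOCLASS value passed to NtSetInformationThread to hide a thread
# from the debugger (ThreadHideFromDebugger = 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths the report's signatures are built on. The VBOX__ ACPI
# tables, the System BIOS values and the Software\Wine keys are the
# well-known locations; patterns are matched case-insensitively.
REGISTRY_SIGNATURES = [
    ("virtualbox_acpi",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("bios_registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("wine_registry",
     re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)),
]

REGISTRY_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW",
                 "RegQueryValueExA", "NtOpenKey", "NtQueryValueKey"}

# C2 address from the extracted RisePro config above.
C2_ADDRESSES = {"193.233.132.62"}


def classify(rec: Dict) -> Optional[str]:
    """Return the signature name a single trace record trips, or None."""
    api = rec.get("api", "")
    if api in REGISTRY_APIS:
        path = rec.get("path", "")
        for name, pattern in REGISTRY_SIGNATURES:
            if pattern.search(path):
                return name
        return None
    if api == "NtSetInformationThread" and rec.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
        return "hide_from_debugger"
    if api in {"connect", "WSAConnect"} and rec.get("dst") in C2_ADDRESSES:
        return "c2_contact"
    return None


def triage(records: List[Dict]) -> Tuple[Counter, List[Optional[str]]]:
    """Tag every record; return hit counts per signature and the per-record tags."""
    tags = [classify(r) for r in records]
    return Counter(t for t in tags if t), tags


# Constructed trace: the shape a sandbox API log might take, not a real capture.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"api": "RegQueryValueExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"api": "RegOpenKeyExW", "path": r"HKCU\Software\Wine"},
    {"api": "RegOpenKeyExW", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"api": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"api": "NtSetInformationThread", "info_class": 0x2},   # ThreadPriority, benign
    {"api": "connect", "dst": "193.233.132.62"},
    {"api": "connect", "dst": "8.8.8.8"},
]

if __name__ == "__main__":
    hits, tags = triage(SAMPLE_TRACE)
    for rec, tag in zip(SAMPLE_TRACE, tags):
        print(f"{(tag or '-'):20} {rec}")
    print(dict(hits))
```

A record that touches none of the listed paths or classes (the Run key, a normal thread-priority change, a connection elsewhere) is left untagged, so the counts reflect only the behaviours this report attributes to the sample.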
