General
-
Target
7bc333604e72b08b856d87e57fc315f3d80e087f1aeeeddf2ca405b6278e40f8.exe
-
Size
2.2MB
-
Sample
240229-f8ekjsfh25
-
MD5
0d3ef129f1743cd0504a584f7cc44e19
-
SHA1
9543357faf17f62099bf4d9fc2c2e11c5279c601
-
SHA256
7bc333604e72b08b856d87e57fc315f3d80e087f1aeeeddf2ca405b6278e40f8
-
SHA512
93ace5ef7ee3f305eb107b4453fcc351ee8b44a5cc9a661b48a0a939924c46edaaede7a710df454a9d1af8c74a4f7dd37e861f83f5112ebd88e61b1971618b67
-
SSDEEP
49152:tD92lFJZ/0OO+VEaS4KwL0NF+PQsncTeyIJpOvyOP27xX23:6nOEEbDsn2cTOvlPg23
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
7bc333604e72b08b856d87e57fc315f3d80e087f1aeeeddf2ca405b6278e40f8.exe
-
Size
2.2MB
-
MD5
0d3ef129f1743cd0504a584f7cc44e19
-
SHA1
9543357faf17f62099bf4d9fc2c2e11c5279c601
-
SHA256
7bc333604e72b08b856d87e57fc315f3d80e087f1aeeeddf2ca405b6278e40f8
-
SHA512
93ace5ef7ee3f305eb107b4453fcc351ee8b44a5cc9a661b48a0a939924c46edaaede7a710df454a9d1af8c74a4f7dd37e861f83f5112ebd88e61b1971618b67
-
SSDEEP
49152:tD92lFJZ/0OO+VEaS4KwL0NF+PQsncTeyIJpOvyOP27xX23:6nOEEbDsn2cTOvlPg23
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-