General
- Target: 7a63a1cb0e1a1130be41449906010fb9c79a3008c077c7eea8f16783a150e6e4
- Size: 2.2MB
- Sample: 240308-fl1jhagf3v
- MD5: cf97e45096073a4ff0dfd20d9c139efd
- SHA1: 63ab16acd9540d333084426f34ff26d033ab5de9
- SHA256: 7a63a1cb0e1a1130be41449906010fb9c79a3008c077c7eea8f16783a150e6e4
- SHA512: a135d2753685593b24131e35e59775fc63a91828ceff8db06af18211f8920db71e411f127f68302ca436443ded36ca4b5d77b30891d6b8399e4193a20b6bdab4
- SSDEEP: 49152:6AN56koCIZYAUq6IP5qWSYTbAICanRy5ZLt/26dKBnr:6k6kje6IPO7Tank5ZLEUK5r
Static task: static1
Behavioral task: behavioral1
- Sample: 7a63a1cb0e1a1130be41449906010fb9c79a3008c077c7eea8f16783a150e6e4.exe
- Resource: win7-20240221-en
Malware Config
- Extracted family: risepro
- C2: 193.233.132.62:50500
Targets
- Target: 7a63a1cb0e1a1130be41449906010fb9c79a3008c077c7eea8f16783a150e6e4 (2.2MB; hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThread (HideFromDebugger)