General
-
Target
bc6cf59f8cbf0333e4d739bc4fac23864c66212e55a8d6d9728b065c56a65277
-
Size
2.9MB
-
Sample
240308-fpeq7sgg2s
-
MD5
e65e164664ab397f268b5abd86370a25
-
SHA1
e0256d59c505898ce8eaba11c939643fa3608967
-
SHA256
bc6cf59f8cbf0333e4d739bc4fac23864c66212e55a8d6d9728b065c56a65277
-
SHA512
d31a1e248853b60c18b00879ea0a0033054ad655626074e171e0db19a511e3b0c3c0b06ca6d062577c25f77ea727313f69d1746795bee0f0b451e041474d162a
-
SSDEEP
49152:SJ6EhettSiTR62LBoWlSCyf+yBI+bIw8Twmo6dU1sTtUuZ+:cnO3lefc8b8T/o6diomuZ+
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
bc6cf59f8cbf0333e4d739bc4fac23864c66212e55a8d6d9728b065c56a65277
-
Size
2.9MB
-
MD5
e65e164664ab397f268b5abd86370a25
-
SHA1
e0256d59c505898ce8eaba11c939643fa3608967
-
SHA256
bc6cf59f8cbf0333e4d739bc4fac23864c66212e55a8d6d9728b065c56a65277
-
SHA512
d31a1e248853b60c18b00879ea0a0033054ad655626074e171e0db19a511e3b0c3c0b06ca6d062577c25f77ea727313f69d1746795bee0f0b451e041474d162a
-
SSDEEP
49152:SJ6EhettSiTR62LBoWlSCyf+yBI+bIw8Twmo6dU1sTtUuZ+:cnO3lefc8b8T/o6diomuZ+
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-