General
Target: ecae9833d81f48acfd05582b2e3d1a94fe633c83e7649e14d0ae6b7a5613f3d6.exe
Size: 2.9MB
Sample: 240309-erdq9add5x
MD5: bd71c3f444fdf4187e4b78e697ded481
SHA1: b592b2fe76c0dc1c09b6f9d3e86a33b4496eff29
SHA256: ecae9833d81f48acfd05582b2e3d1a94fe633c83e7649e14d0ae6b7a5613f3d6
SHA512: ee547ba7e98e477b2dbb0267bd89a2962322b11c710f435613e9993ebfa44f63cb97964925c02dff687a6bc3a3aa5190331a3c4e32caa3db32e1523701d3f916
SSDEEP: 49152:us1DsTsYO1qChCJ28+ntlAobOF43x60OEZvpvGufDHvYs0:5s4Xqwz8+ntdE43xzxvYufTQs
Static task: static1
Behavioral task: behavioral1
Sample: ecae9833d81f48acfd05582b2e3d1a94fe633c83e7649e14d0ae6b7a5613f3d6.exe
Resource: win7-20240221-en
Malware Config
Extracted: risepro
193.233.132.62
Targets
Target: ecae9833d81f48acfd05582b2e3d1a94fe633c83e7649e14d0ae6b7a5613f3d6.exe
Size: 2.9MB
MD5: bd71c3f444fdf4187e4b78e697ded481
SHA1: b592b2fe76c0dc1c09b6f9d3e86a33b4496eff29
SHA256: ecae9833d81f48acfd05582b2e3d1a94fe633c83e7649e14d0ae6b7a5613f3d6
SHA512: ee547ba7e98e477b2dbb0267bd89a2962322b11c710f435613e9993ebfa44f63cb97964925c02dff687a6bc3a3aa5190331a3c4e32caa3db32e1523701d3f916
SSDEEP: 49152:us1DsTsYO1qChCJ28+ntlAobOF43x60OEZvpvGufDHvYs0:5s4Xqwz8+ntdE43xzxvYufTQs
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger