risepro | 6bc9d8e439d32f00214bfb6c7d0ed52292bd38fcc7f19f2bec0a0ed0c73ae0c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6bc9d8e439d32f00214bfb6c7d0ed52292bd38fcc7f19f2bec0a0ed0c73ae0c0.exe
Size

2.0MB
Sample

240319-cx8gpsfg41
MD5

1c575f28d7b66a908858c33fa945951a
SHA1

4031d16da74b0e90c9d647d4f9135f14e9f7a12b
SHA256

6bc9d8e439d32f00214bfb6c7d0ed52292bd38fcc7f19f2bec0a0ed0c73ae0c0
SHA512

cbafbd0e1127afc61cf1952a7204567ee9207ec00abd4f3b19e012014a0a0e846e385ba8b44f397373db2fbc8c72a2ced44443f858560c44f84892248eb3a6f2
SSDEEP

24576:FWqG7809+QZf3RtTdIoITUnXbWiqXpO+BZrGFppUd3ojpo6h+lFRP7IKU9jIVn9s:c7x9bpL0YZOTMppUdojORP7pFn9iio

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.74:58709

Targets

- Target
  
  6bc9d8e439d32f00214bfb6c7d0ed52292bd38fcc7f19f2bec0a0ed0c73ae0c0.exe
- Size
  
  2.0MB
- MD5
  
  1c575f28d7b66a908858c33fa945951a
- SHA1
  
  4031d16da74b0e90c9d647d4f9135f14e9f7a12b
- SHA256
  
  6bc9d8e439d32f00214bfb6c7d0ed52292bd38fcc7f19f2bec0a0ed0c73ae0c0
- SHA512
  
  cbafbd0e1127afc61cf1952a7204567ee9207ec00abd4f3b19e012014a0a0e846e385ba8b44f397373db2fbc8c72a2ced44443f858560c44f84892248eb3a6f2
- SSDEEP
  
  24576:FWqG7809+QZf3RtTdIoITUnXbWiqXpO+BZrGFppUd3ojpo6h+lFRP7IKU9jIVn9s:c7x9bpL0YZOTMppUdojORP7pFn9iio
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer