General
-
Target
37e98b8517f6299151913a20247314bd2453d44c10194b6c83aff873cbd4dc64
-
Size
2.2MB
-
Sample
240326-yms5xsag92
-
MD5
6b46b5b696a032cda7795a955e54e21e
-
SHA1
dee3ad870f9fee374153bd1e955f0b5d0baba48f
-
SHA256
37e98b8517f6299151913a20247314bd2453d44c10194b6c83aff873cbd4dc64
-
SHA512
2e5bb2e2f735890114a5cbced04a72680642910d0dba9487f8e240201e6769c718eff32d8036d829d419d93c1f0ee8d09d619defa46a2a0d252b3b8b40f22028
-
SSDEEP
49152:rfH260SyqnhY6HOTgjncP8HjaY3pDj7qDgb4IAc:rv2HS1YUjncuB3lnogMA
Malware Config
Targets
-
-
Target
37e98b8517f6299151913a20247314bd2453d44c10194b6c83aff873cbd4dc64
-
Size
2.2MB
-
MD5
6b46b5b696a032cda7795a955e54e21e
-
SHA1
dee3ad870f9fee374153bd1e955f0b5d0baba48f
-
SHA256
37e98b8517f6299151913a20247314bd2453d44c10194b6c83aff873cbd4dc64
-
SHA512
2e5bb2e2f735890114a5cbced04a72680642910d0dba9487f8e240201e6769c718eff32d8036d829d419d93c1f0ee8d09d619defa46a2a0d252b3b8b40f22028
-
SSDEEP
49152:rfH260SyqnhY6HOTgjncP8HjaY3pDj7qDgb4IAc:rv2HS1YUjncuB3lnogMA
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-