risepro | 2b05b86709f4f4f335b334803682644f87b2a7c3b122e53312b8c640d9721b5c | Triage

Sharing

General

Target

2b05b86709f4f4f335b334803682644f87b2a7c3b122e53312b8c640d9721b5c
Size

2.9MB
Sample

240327-ed8pgaca98
MD5

886ef069a6a8f22bfa268bb7ac3435de
SHA1

53947574433edd9f3edf03c7290386cf8369fc76
SHA256

2b05b86709f4f4f335b334803682644f87b2a7c3b122e53312b8c640d9721b5c
SHA512

a030949d71d0209cd3d49483b1fe3b6ca4cfec8bd2562547e63efea73ba75c1248edb4c6b673e06d58a8c8c06c841fdd06cab6e9a704dbb21bf3f004266678b2
SSDEEP

49152:T41mc5eSjiV7+zOw3w0cnvyVaaIfli+h9Xfu2vFxmbjOu5UWxcU5pFCoEfdG:MCSY+zOw3w0cnvyVaaIY+hmD5e

Score

10^/10

risepro evasion stealer

Malware Config

Targets

- Target
  
  2b05b86709f4f4f335b334803682644f87b2a7c3b122e53312b8c640d9721b5c
- Size
  
  2.9MB
- MD5
  
  886ef069a6a8f22bfa268bb7ac3435de
- SHA1
  
  53947574433edd9f3edf03c7290386cf8369fc76
- SHA256
  
  2b05b86709f4f4f335b334803682644f87b2a7c3b122e53312b8c640d9721b5c
- SHA512
  
  a030949d71d0209cd3d49483b1fe3b6ca4cfec8bd2562547e63efea73ba75c1248edb4c6b673e06d58a8c8c06c841fdd06cab6e9a704dbb21bf3f004266678b2
- SSDEEP
  
  49152:T41mc5eSjiV7+zOw3w0cnvyVaaIfli+h9Xfu2vFxmbjOu5UWxcU5pFCoEfdG:MCSY+zOw3w0cnvyVaaIY+hmD5e
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer