General

  • Target

    0894cb38a5771966a0244f89b8edd493e8ae878da384126e61aae107b07779e5

  • Size

    2.0MB

  • Sample

    240328-jcqvgsdb83

  • MD5

    936518cf566ce25fe942d2c46417c5de

  • SHA1

    37f746b72988a6a7b1be9754085e810d64047865

  • SHA256

    0894cb38a5771966a0244f89b8edd493e8ae878da384126e61aae107b07779e5

  • SHA512

    5389d440060675370dba4fedc97d0a18fee1e3f6d01e9cd9b64e757a2cb26a565a59f85d1b664a09f538ed851dcb20657b05c90b69749e7508c0d6e2476c7ed4

  • SSDEEP

    49152:Dy5er9fzkC23If9/wsBIbBujXI8YAmv7GoGO6xe:D4QuaVDIN7PVl

Score
10/10

Malware Config

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15

Tasks