General

  • Target

    8b367da03198bc5d7e0f3f77b8d199f5a633e80d610e08f9de455906a8a993ed

  • Size

    2.0MB

  • Sample

    240329-b9373sed91

  • MD5

    c8ea132145a44dad692122537a268046

  • SHA1

    c4f8729f46b37415edcc7540fe3da5267f9accd0

  • SHA256

    8b367da03198bc5d7e0f3f77b8d199f5a633e80d610e08f9de455906a8a993ed

  • SHA512

    ace33e7257bdfab10a208795f6a92c92beffecfef8ec39cd1bae7f00d8bfe9a9e228be6320c0f1a66ab765b94a141e50873b38bba52b18b1bfebd6e089a8d4e6

  • SSDEEP

    49152:My5er9fzkC23If7z5M0L/nEkt8pWnfrJuAQQoql+2U:M4Qu6MlGDQXQoqw2U

Score
10/10

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
