Overview

overview

10

Static

static

7

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    af4c6b771de739fc0193b22c3d88fc29f4c2238da4521a9057558de660961223

  • Size

    3.0MB

  • Sample

    240405-s97nyaga91

  • MD5

    5f36e41cac2fa63318443300bd1309a2

  • SHA1

    7283d41e2ba5037605c005443f7e1e3e782776d5

  • SHA256

    af4c6b771de739fc0193b22c3d88fc29f4c2238da4521a9057558de660961223

  • SHA512

    854b3cb869cf4b2e66deefd5c8fe91c9bcda0e67d7c4b40e1c762528cb28c38d75e0a584b1c324cd04371c56a08ad888cba34a102e432f4dc43bccd60c7de8a3

  • SSDEEP

    49152:elDMEyJgxgM4thN8FY2zo5mITuE3ABmeOtJDqi2HtXLygXTt4UVGrGzINhc1k9k0:elQEF+6EmIJQAJei2HtLyWTtLPzOhfJ9

Score
10/10
riseproevasionstealerthemidatrojan

Malware Config

Targets

    • Target

      af4c6b771de739fc0193b22c3d88fc29f4c2238da4521a9057558de660961223

    • Size

      3.0MB

    • MD5

      5f36e41cac2fa63318443300bd1309a2

    • SHA1

      7283d41e2ba5037605c005443f7e1e3e782776d5

    • SHA256

      af4c6b771de739fc0193b22c3d88fc29f4c2238da4521a9057558de660961223

    • SHA512

      854b3cb869cf4b2e66deefd5c8fe91c9bcda0e67d7c4b40e1c762528cb28c38d75e0a584b1c324cd04371c56a08ad888cba34a102e432f4dc43bccd60c7de8a3

    • SSDEEP

      49152:elDMEyJgxgM4thN8FY2zo5mITuE3ABmeOtJDqi2HtXLygXTt4UVGrGzINhc1k9k0:elQEF+6EmIJQAJei2HtLyWTtLPzOhfJ9

    Score
    10/10
    riseproevasionstealerthemidatrojan

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks