General

  • Target

    127b2856c15bb56cdc631be7c37135c712ac2271f01570a4c1c7f9c91c2b585f

  • Size

    3.0MB

  • Sample

    240407-3ef8lshf7t

  • MD5

    010e840dd16148147ad4cc8170074d81

  • SHA1

    672b6eb6275c6cc536f6d973a0726999e8a1bcd0

  • SHA256

    127b2856c15bb56cdc631be7c37135c712ac2271f01570a4c1c7f9c91c2b585f

  • SHA512

    35c69b3cc8c9f2a0ef37f7e556277cd86f05f3e90fa7756fda1b55bf7b83eadc93eb98ac2db5dfa1df5b426daa904f92492a38bc5b274303e6ba4ac8715115d3

  • SSDEEP

    49152:Ds5Y5WdjMNWq/dXb8n6Cs3olJ17xdskJVuJ0MdukoD0nz3sJzNI2sSBs3RHn:DsPdjMrG6KJ1ldhJVufup0Ls1uzZ
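
The hashes above identify the sample; the first thing to do after pulling it from a repository is to confirm that what you received is the same bytes. The following is an added example (not part of the report or of the sandbox tooling) that recomputes the four hashlib digests for a file and compares them with the values listed in this section. SSDEEP is omitted because it needs a third-party library and is a similarity digest rather than an identity check.

```python
"""Verify a retrieved sample against the hashes reported above.

Added example, not code from the report. REPORTED is copied from the
General section; the sample data used for a self-test is constructed.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Values copied verbatim from the General section of this report.
REPORTED = {
    "md5": "010e840dd16148147ad4cc8170074d81",
    "sha1": "672b6eb6275c6cc536f6d973a0726999e8a1bcd0",
    "sha256": "127b2856c15bb56cdc631be7c37135c712ac2271f01570a4c1c7f9c91c2b585f",
    "sha512": "35c69b3cc8c9f2a0ef37f7e556277cd86f05f3e90fa7756fda1b55bf7b83eadc"
              "93eb98ac2db5dfa1df5b426daa904f92492a38bc5b274303e6ba4ac8715115d3",
}


def digests(data: bytes) -> dict:
    """All four digests of an in-memory blob, as lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digests_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as digests() but streamed, so a 3 MB (or 3 GB) file is not
    read into memory at once; every hash object sees every chunk."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def verify(actual: dict, expected: dict) -> tuple:
    """Compare case-insensitively. Returns (all_match, mismatches) where
    mismatches maps algorithm -> (actual, expected) for every digest that
    differs; a digest missing from `actual` is not counted as a match."""
    mismatches = {}
    for algo, want in expected.items():
        got = actual.get(algo)
        if got is None or got.lower() != want.lower():
            mismatches[algo] = (got, want)
    return (not mismatches), mismatches


if __name__ == "__main__":
    import sys
    ok, bad = verify(digests_of_file(sys.argv[1]), REPORTED)
    print("MATCH" if ok else "MISMATCH", bad)
```

Run it as `python verify.py <downloaded-sample>`; a MISMATCH on any one algorithm means you do not have the file this report describes, regardless of the others.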

Targets

    • RisePro

      RisePro is an information stealer that has been distributed through PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables (DSDT, FADT, RSDT) whose registry key names under HKLM\HARDWARE\ACPI contain the string VBOX; checking for those keys reveals the hypervisor.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      Reads the EnableLUA policy value from the registry; malware commonly does this to decide whether an elevation attempt will prompt the user.

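Three of the signatures above are registry reads (VirtualBox ACPI keys, BIOS strings, UAC policy). The block below is an added example, not code from the sample or from the sandbox: it reimplements those checks over a dictionary model of the registry so the logic can be exercised offline, and includes a Windows-only helper that fills the same dictionary from the live registry. Registry paths are the standard ones these checks read; the two sample registries and the marker list are constructed for illustration.

```python
"""Registry-based environment fingerprinting of the kind flagged above.

Added example, not the sample's code. `reg` maps "HKLM\\key\\value" to the
value's data; a key whose mere existence matters is stored with None.
"""
import sys

# Keys that exist only inside a VirtualBox guest (presence is the signal).
ACPI_VBOX_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# BIOS strings that hypervisors tend to brand.
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
)
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
# Constructed marker list; extend for your own lab images.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN", "HYPER-V")


def fingerprint(reg: dict) -> dict:
    """Return what the three checks would learn from `reg`."""
    result = {"vbox_acpi": any(k in reg for k in ACPI_VBOX_KEYS),
              "bios_hits": [], "uac_enabled": None}
    for path in BIOS_VALUES:
        raw = reg.get(path)
        if raw is None:
            continue
        # SystemBiosVersion/VideoBiosVersion are REG_MULTI_SZ -> list of str.
        text = " ".join(raw) if isinstance(raw, (list, tuple)) else str(raw)
        for marker in VM_MARKERS:
            if marker in text.upper():
                result["bios_hits"].append((path.rsplit("\\", 1)[1], marker))
                break
    if UAC_VALUE in reg:
        result["uac_enabled"] = int(reg[UAC_VALUE]) != 0
    return result


def looks_like_sandbox(fp: dict) -> bool:
    """Decision the sample is likely making before detonating."""
    return fp["vbox_acpi"] or bool(fp["bios_hits"])


def read_live_registry() -> dict:
    """Fill the same dictionary from the local machine (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live registry read needs Windows")
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE}
    reg = {}
    for key in ACPI_VBOX_KEYS:
        hive, sub = key.split("\\", 1)
        try:
            winreg.CloseKey(winreg.OpenKey(hives[hive], sub))
            reg[key] = None
        except OSError:
            pass
    for val in BIOS_VALUES + (UAC_VALUE,):
        hive, sub = val.split("\\", 1)
        sub, name = sub.rsplit("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                reg[val], _ = winreg.QueryValueEx(k, name)
        except OSError:
            pass
    return reg


# Constructed sample registries (not captured from the sandbox run).
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": None,
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["VBOX   - 1"],
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion":
        ["Oracle VM VirtualBox Version 6.1.0 VBE Adapter"],
    UAC_VALUE: 1,
}
BARE_METAL = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["DELL   - 1072009", "1.18.0"],
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "Dell Inc.",
    UAC_VALUE: 0,
}

if __name__ == "__main__":
    reg = read_live_registry() if sys.platform == "win32" else VBOX_GUEST
    fp = fingerprint(reg)
    print(fp, "-> sandbox" if looks_like_sandbox(fp) else "-> looks real")
```

Running the live variant on a detonation VM tells you which of these values your image still leaks; each hit is a value to patch (for instance rewriting the BIOS strings and renaming the VBOX ACPI keys) before the next run of a sample that performs these checks.
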
MITRE ATT&CK Enterprise v15

Tasks