Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    29178405b2b6917a04f6cfb98b964958895948836c256554310f0a79e6c57471

  • Size

    2.1MB

  • Sample

    240409-ly58eacb38

  • MD5

    30c04c4019c87f0bd834e43316cab850

  • SHA1

    65b185f69a7492510a2f113de9d33d187b6cbebb

  • SHA256

    29178405b2b6917a04f6cfb98b964958895948836c256554310f0a79e6c57471

  • SHA512

    1727364577f5a8e0dbf34d72a49bf8fd2d60dd84390875ee6a7e7b261aa0d1165318aa7cdcb08417938a471fa16bca7bec01b7bc290ea4b52be437ed8311b92e

  • SSDEEP

    49152:cs9NRR5MmyC8ZCGZXTasg13/nc58jWZQI/2YVhUAQsl:cQNRGEOW5/c5AWZQO2KhUls

Score
10/10
riseproevasionstealer

Malware Config

Targets

    • Target

      29178405b2b6917a04f6cfb98b964958895948836c256554310f0a79e6c57471

    • Size

      2.1MB

    • MD5

      30c04c4019c87f0bd834e43316cab850

    • SHA1

      65b185f69a7492510a2f113de9d33d187b6cbebb

    • SHA256

      29178405b2b6917a04f6cfb98b964958895948836c256554310f0a79e6c57471

    • SHA512

      1727364577f5a8e0dbf34d72a49bf8fd2d60dd84390875ee6a7e7b261aa0d1165318aa7cdcb08417938a471fa16bca7bec01b7bc290ea4b52be437ed8311b92e

    • SSDEEP

      49152:cs9NRR5MmyC8ZCGZXTasg13/nc58jWZQI/2YVhUAQsl:cQNRGEOW5/c5AWZQO2KhUls

    Score
    10/10
    riseproevasionstealer

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks