General

  • Target

    c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d

  • Size

    2.2MB

  • Sample

    240414-mx2z2aga75

  • MD5

    a4b722d6297249b39f775c6fa5662720

  • SHA1

    d3ae43c1e8b04a65639ca4fab72d3b91210a2c85

  • SHA256

    c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d

  • SHA512

    63ee754b30bb041e303b8a9b0c53e1e0932c587eedd58fd110f2e96fdc869fcdb5719aba79d0c0c138f896e7cbafc907d1d3eac7e8204f67900d4d263e419e9b

  • SSDEEP

    49152:PSUl6vD5DxN6HHLJ9tmeJT4FouC8cnVxAJjzocH8J3oQPlO:PSSwD5DxkIeJ3LJjAJonJ3nPs

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d

    • Size

      2.2MB

    • MD5

      a4b722d6297249b39f775c6fa5662720

    • SHA1

      d3ae43c1e8b04a65639ca4fab72d3b91210a2c85

    • SHA256

      c631ab024a1acb9b17f93a1bc741e8fb4c4a4a5dfe9bc6bb7de6266c9f08725d

    • SHA512

      63ee754b30bb041e303b8a9b0c53e1e0932c587eedd58fd110f2e96fdc869fcdb5719aba79d0c0c138f896e7cbafc907d1d3eac7e8204f67900d4d263e419e9b

    • SSDEEP

      49152:PSUl6vD5DxN6HHLJ9tmeJT4FouC8cnVxAJjzocH8J3oQPlO:PSSwD5DxkIeJ3LJjAJonJ3nPs

    Score
    10/10

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks