General

  • Target

    5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061

  • Size

    2.2MB

  • Sample

    240414-n1frmsbc6s

  • MD5

    41e957d5dd6d65fea81115c57fd187de

  • SHA1

    d76cd71a9a9d1d319ae9ff3fee8cd2e3c340a1f2

  • SHA256

    5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061

  • SHA512

    b586a276d1245ae088d8373b4bf32ed4c1e47b7244b3b7b28ede221a7edb1066ea51065fe59b89cde033e98de89b53dbc1211d452c5649af0d0419572000395f

  • SSDEEP

    49152:uSUl6vD5DxN6HHLJ9t7vB0C/0ArDpP/PHqZCFUS0Du1Gu6tgRqqSGV:uSSwD5Dxk1J0C/05CFn0a1GjtgRPSG

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061

    • Size

      2.2MB

    • MD5

      41e957d5dd6d65fea81115c57fd187de

    • SHA1

      d76cd71a9a9d1d319ae9ff3fee8cd2e3c340a1f2

    • SHA256

      5b61aee8bf726029cae689bd8c9424838eb47bc52403d8fc1e81f5d338dc8061

    • SHA512

      b586a276d1245ae088d8373b4bf32ed4c1e47b7244b3b7b28ede221a7edb1066ea51065fe59b89cde033e98de89b53dbc1211d452c5649af0d0419572000395f

    • SSDEEP

      49152:uSUl6vD5DxN6HHLJ9t7vB0C/0ArDpP/PHqZCFUS0Du1Gu6tgRqqSGV:uSSwD5Dxk1J0C/05CFn0a1GjtgRPSG

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks