General

  • Target

    601dbbdccb93dcee6741d75947baf658874b0a2def9eead31af54568c89de869

  • Size

    2.2MB

  • Sample

    240414-p9hg9sbf71

  • MD5

    7411eeb34304589a064afbea62fc2da9

  • SHA1

    00977a8b39487486c70991cf75e1e3d33bcdc9ac

  • SHA256

    601dbbdccb93dcee6741d75947baf658874b0a2def9eead31af54568c89de869

  • SHA512

    f20fc4c9fd155ce801f3b595382ba6b842122c492415d80c68a29a75b628853a7be786c8e75e7b6126257b8c6831beece1ea8f4142fad74a500ff68173dd90d2

  • SSDEEP

    49152:6SUl6vD5DxN6HHLJ9tynaxoE39lD58kdwe/WS2OXRB2bHYFD:6SSwD5Dxk6a3vHdwqBg4V

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709
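The extracted C2 endpoint and the sample hashes above are the actionable indicators in this report. The following is an added example (not part of the report and not RisePro code) showing how a responder would sweep Zeek conn.log rows and Sysmon-style process events for them. The log lines and events are constructed for the example; the IP, port and hashes are copied from the report.

```python
# IOCs copied from the report above: the extracted RisePro C2 endpoint and the sample hashes.
C2_HOST = "147.45.47.93"
C2_PORT = 58709
SAMPLE_HASHES = {
    "md5": "7411eeb34304589a064afbea62fc2da9",
    "sha1": "00977a8b39487486c70991cf75e1e3d33bcdc9ac",
    "sha256": "601dbbdccb93dcee6741d75947baf658874b0a2def9eead31af54568c89de869",
}

# Constructed sample data (not from the report): Zeek conn.log-style TSV rows with the
# fields ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
CONN_LOG = """\
1713100001.123\tC1a2b3\t10.0.0.15\t51522\t147.45.47.93\t58709\ttcp
1713100002.456\tC4d5e6\t10.0.0.15\t51523\t93.184.216.34\t443\ttcp
1713100003.789\tC7f8g9\t10.0.0.22\t49201\t147.45.47.93\t80\ttcp
"""

# Constructed Sysmon-style process-creation events (not from the report). Sysmon writes
# hashes as "ALG=HEX,ALG=HEX" in upper case; the first event reuses the sample's hashes.
PROCESS_EVENTS = [
    {"host": "WS01", "image": r"C:\Users\u\Downloads\setup.exe",
     "hashes": "MD5=%s,SHA256=%s" % (SAMPLE_HASHES["md5"].upper(),
                                    SAMPLE_HASHES["sha256"].upper())},
    {"host": "WS02", "image": r"C:\Windows\System32\notepad.exe",
     "hashes": "MD5=" + "0" * 32 + ",SHA256=" + "0" * 64},
]


def match_c2_connections(conn_log, strict_port=True):
    """Return conn.log rows whose responder is the C2 host.

    strict_port=True matches only the exact host:port pair from the config.
    strict_port=False matches any connection to the host, which is the better
    hunting setting because operators rotate ports more often than hosts."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        resp_h, resp_p = fields[4], int(fields[5])
        if resp_h == C2_HOST and (not strict_port or resp_p == C2_PORT):
            hits.append({"ts": fields[0], "uid": fields[1], "orig_h": fields[2],
                         "resp_h": resp_h, "resp_p": resp_p})
    return hits


def parse_sysmon_hashes(hashes_field):
    """Turn Sysmon's 'ALG=HEX,ALG=HEX' string into a lowercase {alg: hex} dict."""
    out = {}
    for part in hashes_field.split(","):
        alg, _, value = part.partition("=")
        out[alg.strip().lower()] = value.strip().lower()
    return out


def match_sample_hashes(events):
    """Return events whose image hashes equal the sample's on any algorithm present."""
    hits = []
    for ev in events:
        seen = parse_sysmon_hashes(ev["hashes"])
        matched = [alg for alg, h in SAMPLE_HASHES.items() if seen.get(alg) == h]
        if matched:
            hits.append({"host": ev["host"], "image": ev["image"], "matched_on": matched})
    return hits


if __name__ == "__main__":
    for hit in match_c2_connections(CONN_LOG, strict_port=False):
        print("C2 connection:", hit)
    for hit in match_sample_hashes(PROCESS_EVENTS):
        print("sample executed:", hit)
```

Matching on the host alone surfaces the second, non-58709 connection in the constructed data; treat such hits as leads to confirm rather than as certain C2 traffic, since the same address may host unrelated services.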

Targets

    • Target

      601dbbdccb93dcee6741d75947baf658874b0a2def9eead31af54568c89de869

    • Size

      2.2MB

    • MD5

      7411eeb34304589a064afbea62fc2da9

    • SHA1

      00977a8b39487486c70991cf75e1e3d33bcdc9ac

    • SHA256

      601dbbdccb93dcee6741d75947baf658874b0a2def9eead31af54568c89de869

    • SHA512

      f20fc4c9fd155ce801f3b595382ba6b842122c492415d80c68a29a75b628853a7be786c8e75e7b6126257b8c6831beece1ea8f4142fad74a500ff68173dd90d2

    • SSDEEP

      49152:6SUl6vD5DxN6HHLJ9tynaxoE39lD58kdwe/WS2OXRB2bHYFD:6SSwD5Dxk6a3vHdwqBg4V

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from an attached debugger, so debug events from that thread are no longer delivered; it is a common anti-debugging technique.

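The three registry-based signatures above (VirtualBox ACPI tables, BIOS strings, Wine keys) all come down to looking up a handful of well-known keys and values. The following is an added example, not the report's or the sample's code, that models those checks against a registry snapshot held in a plain dict so they can be run offline. The key paths and marker strings are assumptions based on how these checks are commonly implemented; the report itself names none of them, and both snapshots are constructed.

```python
# Assumed registry locations (not named in the report). A VirtualBox guest exposes ACPI
# tables whose OEM ID is "VBOX__"; BIOS strings carry the hypervisor name; Wine creates
# a Software\Wine key. Paths use "HIVE\Key\Subkey" and values are stored per key.
VBOX_ACPI_KEYS = [
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
]
BIOS_VALUES = [
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]
WINE_KEYS = [r"HKCU\Software\Wine", r"HKLM\Software\Wine"]
VM_BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")

# Constructed snapshot resembling a stock VirtualBox guest.
STOCK_VBOX = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],            # REG_MULTI_SZ
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1 VBE BIOS"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
}

# Constructed snapshot of the same guest after the hypervisor strings were spoofed.
HARDENED_HOST = {
    r"HKLM\HARDWARE\ACPI\DSDT\DELL__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["DELL   - 1072009"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Dell Inc.",
        "SystemProductName": "OptiPlex 7080",
    },
}

# Constructed snapshot of a Wine prefix.
WINE_HOST = {r"HKCU\Software\Wine": {}}


def check_vbox_acpi(reg):
    """Key-existence check: any VBOX__ ACPI table key present means VirtualBox."""
    return [k for k in VBOX_ACPI_KEYS if k in reg]


def check_bios(reg):
    """Substring check of BIOS strings against hypervisor markers (case-insensitive)."""
    hits = []
    for key, name in BIOS_VALUES:
        val = reg.get(key, {}).get(name, "")
        if isinstance(val, (list, tuple)):      # flatten REG_MULTI_SZ
            val = " ".join(val)
        if any(m in val.upper() for m in VM_BIOS_MARKERS):
            hits.append(f"{key}\\{name}={val}")
    return hits


def check_wine(reg):
    """Key-existence check for Wine's registry footprint."""
    return [k for k in WINE_KEYS if k in reg]


def evaluate(reg):
    """Run all three checks and report what each one found."""
    return {"vbox_acpi": check_vbox_acpi(reg),
            "bios_marker": check_bios(reg),
            "wine": check_wine(reg)}


def looks_sandboxed(reg):
    """True if any single check fires, which is how such samples usually decide."""
    return any(evaluate(reg).values())


if __name__ == "__main__":
    for label, snap in (("stock VirtualBox", STOCK_VBOX),
                        ("hardened", HARDENED_HOST), ("wine", WINE_HOST)):
        print(label, looks_sandboxed(snap), evaluate(snap))
```

The point of running both snapshots is that the hardened guest passes every check here, while the stock guest trips three of the four BIOS values plus the ACPI key; a sandbox that only renames the DSDT entry would still be caught on SystemBiosVersion. None of this covers the NtSetInformationThread anti-debugging check, which inspects the process rather than the registry.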
MITRE ATT&CK Enterprise v15
