General

  • Target

    tmp

  • Size

    2.2MB

  • Sample

    240414-q1ssbagh86

  • MD5

    96684fb3f687a83712e37790a11604ba

  • SHA1

    0424c4b88db0290c4b8bb48ab6682d430c50cdae

  • SHA256

    10cc671c0f38fbb5a5b6cfff52d41d1417d4133cca7854c17cc9cb8dcb3d8aa5

  • SHA512

    3d12a7cc0b5f7bed343989a484a64d31b44b86b8e5b4d05ffa324f7bc0167cc527507e999c96fcb516349e91dd9e19aafae70ddb77f5793f79609302120e7d8c

  • SSDEEP

    49152:pSUl6vD5DxN6HHLJFwvhNNS/1eejLKq0BEQDZ2sxDX6Zj/VLnUK:pSSwD5DxkYSJjYVN2sxDAZnUK

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks