General

  • Target

    89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c

  • Size

    2.2MB

  • Sample

    240414-rrl4vahb98

  • MD5

    91937dfa2879443a7fed48596edcdf17

  • SHA1

    b4867b55cd5442c2ceda49c671da60fc93e7dbe7

  • SHA256

    89c57239515bc4397f15587836bcdeb11af93055c17ab88b043e104a02bc715c

  • SHA512

    1c0b1eed239ff1fec5ce300cf5a9892383c2158f5e1b590ae626862f37affa259f670c2e06df489eea68aff1d093884a3cb4127ba2cc63baa9bf1419f02b7dc5

  • SSDEEP

    49152:kSUl6vD5DxN6HHLJ9tFjRJNYPgeao9LgiV6GMi4CqYVihiuUZ57:kSSwD5DxkTRAgW9LgisdviN

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks