General

  • Target

    f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501

  • Size

    2.1MB

  • Sample

    240415-1aah6aah7s

  • MD5

    b2e235bd1d4efe7b53fc3db1b59f4618

  • SHA1

    32f689eecd2b9396557a60cd623dfc7bb9ac959f

  • SHA256

    f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501

  • SHA512

    1f8bd7942a5c23c54a83085d7d1693408bdf12e2b937a70cf6be447b9d2eaf4318d26093795e05f0599fee7ecbd455a45f4a62e9e2fb190a9110d380790290e4

  • SSDEEP

    49152:pSUl6vD5DxN6HHLJ9tczZDouaGrs4IilSbq+hdoG2:pSSwD5DxkeUuaOIKcTq

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501

    • Size

      2.1MB

    • MD5

      b2e235bd1d4efe7b53fc3db1b59f4618

    • SHA1

      32f689eecd2b9396557a60cd623dfc7bb9ac959f

    • SHA256

      f949c6f9a9ef428152c5e1c539a190c6f75a2c843e4cc21f793e506bfc04f501

    • SHA512

      1f8bd7942a5c23c54a83085d7d1693408bdf12e2b937a70cf6be447b9d2eaf4318d26093795e05f0599fee7ecbd455a45f4a62e9e2fb190a9110d380790290e4

    • SSDEEP

      49152:pSUl6vD5DxN6HHLJ9tczZDouaGrs4IilSbq+hdoG2:pSSwD5DxkeUuaOIKcTq

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks