General

  • Target

    04846dc5508416f587d93cf835520d8a.bin

  • Size

    2.1MB

  • Sample

    240415-bcnfcsac42

  • MD5

    cdcf73aff24ec015ecd2f02d0f3582c0

  • SHA1

    669718307c72bbf810ae1b20135137855ed493a5

  • SHA256

    1f4c0ffe6a465dc997b31c9e15c9706caf6e2c712ef219e3137fbb03586d3dbf

  • SHA512

    e6a8fb7ae4fc68dab9d80373747db9490769b417be26432fd06afd7bcebeb795792b11702064b8cac42fcf11f7f0dbfd0f8900dc5ac0cf353c4cc7ddf3190cf2

  • SSDEEP

    49152:k2lnw6H/qQCd03RJrwCPowYI3XhgfsKasHQreKb3rsG0PU:k2a6H/5wIRJowQfshQQeKspPU

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      4c83fa749481d0d8549034facf59317f713674625c990e83dcb6ec3e00fc2447.exe

    • Size

      2.2MB

    • MD5

      04846dc5508416f587d93cf835520d8a

    • SHA1

      a3208669e2ada3896567d0acb07fc29ff68c3358

    • SHA256

      4c83fa749481d0d8549034facf59317f713674625c990e83dcb6ec3e00fc2447

    • SHA512

      e9110a82691a7ac800f6d93d2aff96c5ed0f768dce29e4d8df99ce48515ef45a25d4843d3c97f3e9814c03406fea1fcf5d601b276139a870f1241c645e21812e

    • SSDEEP

      49152:PSUl6vD5DxN6HHLJFwkXeUND1XvwRpJrI1BblT6j/WHt12fdDD:PSSwD5DxkSgwJrI1QIT2fdDD

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks