General

  • Target

    20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a.exe

  • Size

    2.1MB

  • Sample

    240415-beqy9sad25

  • MD5

    81713557ea8d0af915183a948912d141

  • SHA1

    a8bb761c5eeb489f723eaed913c4f249e09ee466

  • SHA256

    20f56c766225ccd9d19edf9021ab2ce69071fb6ad80a69637fd9a7af02273a4a

  • SHA512

    c5ec019dc7fc44c375597d1c728cf3067471c1551a8cdca2298f7823191e9f193e8c3fb531bea4c8643077ad66427c60b0857c2785f5ef756b547e99b5db818d

  • SSDEEP

    49152:JSUl6vD5DxN6HHLJFwMh90uMu2zRbqf1aAzhN4JK0sHncU011Q:JSSwD5Dxk5eQmK0mm11

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks