General

  • Target

    49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081.exe

  • Size

    2.1MB

  • Sample

    240415-bg88madb9y

  • MD5

    89227af5a4e508046dba0f2379366f24

  • SHA1

    dcfbc380cc4b8749a0122f3f6e6f05a9ffaa5597

  • SHA256

    49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081

  • SHA512

    01dfba70a35f591850a7c37ded5ec7ca145fa436f9a98ebc1a45588147365aec1b55cc1f8180b1ed35d56278a94b37ec355a7134c2ecfff878e7389ef4aa2cdd

  • SSDEEP

    49152:1SUl6vD5DxN6HHLJFwvvPMLOVNdtH5v3dHd0mQE4tN0y6a24:1SSwD5DxksPEO7FZ2PtNj6a24

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081.exe

    • Size

      2.1MB

    • MD5

      89227af5a4e508046dba0f2379366f24

    • SHA1

      dcfbc380cc4b8749a0122f3f6e6f05a9ffaa5597

    • SHA256

      49724b3b4a63c60fa5c22f62b291d016947a095b57f4757b83936f3173a18081

    • SHA512

      01dfba70a35f591850a7c37ded5ec7ca145fa436f9a98ebc1a45588147365aec1b55cc1f8180b1ed35d56278a94b37ec355a7134c2ecfff878e7389ef4aa2cdd

    • SSDEEP

      49152:1SUl6vD5DxN6HHLJFwvvPMLOVNdtH5v3dHd0mQE4tN0y6a24:1SSwD5DxksPEO7FZ2PtNj6a24

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks