General

  • Target

    24f93bc40d2311c39b1253e857fb2655.bin

  • Size

    2.1MB

  • Sample

    240415-bgqfhsdb7v

  • MD5

    b0701dfe00ee04c1c16b2797f123a048

  • SHA1

    af43d791c4a8bed8116788a7aa55d80a3c21a3a2

  • SHA256

    31ce7dbb2477685616277ef855ee8998385420c747c6a0c676e76c3ba92c8698

  • SHA512

    89c4a8c074a8109b4e332883f641a3cbc5eee6efe455de75d5fe3602afa0cfb6cd13dff55a2460096d63b17a5476fd2648f9c91a4b5c3be3eca842cbf841845b

  • SSDEEP

    49152:VhZY5fi+gWeXc9QUUcuNa7Fs4MUVdAnqEeLhnwH1O7cn8Ler5LzVvsVNFp1Y2I:2f0WeXMUb7JqEe+HWA8LOBvsV3I

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      8ff46cb27c8e2d709b0c058e59f0afbad9615eab9dbf17060260d7e68a91e212.exe

    • Size

      2.1MB

    • MD5

      24f93bc40d2311c39b1253e857fb2655

    • SHA1

      7b48993bc668e04664d907cecce81e9f4abf69f4

    • SHA256

      8ff46cb27c8e2d709b0c058e59f0afbad9615eab9dbf17060260d7e68a91e212

    • SHA512

      1e2b93556b71eea8080cc651eb6cd13fbef89a90ab5fd13181ecf71a30f2ab5e48b02d374572794727c2df80a4bcd5962624ff721708632d109059d3baf3296c

    • SSDEEP

      49152:ZSUl6vD5DxN6HHLJFwA0CPy/rvZ46H1SJFYPukYC034vYoTD/:ZSSwD5DxkJyTvZ46HEJ6WkYRCpT

    Score
    10/10
    • RisePro

      RisePro is an information stealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from reporting debug events to an attached debugger, so breakpoints and single-stepping on that thread silently stop working; it is a common anti-debugging technique.
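
The three registry-based checks listed above (VirtualBox ACPI tables, BIOS strings, Wine keys) can be reproduced by an analyst to see what a sample like this one would find on a given host. The Python below is an added example written for this page, not code from the sample or from the sandbox vendor. The report does not show which exact registry values the sample compares, so the key paths and marker strings are assumptions based on artifacts VirtualBox and Wine guests are widely known to expose. It runs offline against constructed registry snapshots and, on Windows, can evaluate the live registry through winreg.

```python
import sys

# Artifacts VirtualBox and Wine guests are widely known to expose. The exact
# strings this sample compares against are not in the report (assumption).
ACPI_TABLE_KEYS = [
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
]
BIOS_VALUES = [
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]
BIOS_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs")
WINE_KEYS = [r"HKCU\Software\Wine", r"HKLM\Software\Wine"]


def _as_text(data):
    """Flatten REG_SZ / REG_MULTI_SZ / REG_BINARY data into one lowercase string."""
    if isinstance(data, (list, tuple)):
        return " ".join(str(x) for x in data).lower()
    if isinstance(data, (bytes, bytearray)):
        return bytes(data).decode("latin-1", "replace").lower()
    return str(data).lower()


def check_registry(snapshot):
    """Run the three checks on a snapshot.

    snapshot maps 'HIVE\\path' -> {value_name: data}; a key exists on the
    host exactly when its path is present in the dict.
    """
    findings = {"acpi": [], "bios": [], "wine": []}
    for key in ACPI_TABLE_KEYS:          # VirtualBox ACPI tables
        if key in snapshot:
            findings["acpi"].append(key)
    for key, name in BIOS_VALUES:        # BIOS / firmware strings
        text = _as_text(snapshot.get(key, {}).get(name, ""))
        hit = [m for m in BIOS_MARKERS if m in text]
        if hit:
            findings["bios"].append((name, hit[0]))
    for key in WINE_KEYS:                # Wine registry keys
        if key in snapshot:
            findings["wine"].append(key)
    return findings


def looks_like_sandbox(snapshot):
    """True if any of the three checks fires, as the sample's logic would."""
    return any(check_registry(snapshot).values())


def read_live_snapshot():
    """Build the same snapshot from the live registry (Windows only)."""
    if sys.platform != "win32":
        return None
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    wanted = {k: [] for k in ACPI_TABLE_KEYS + WINE_KEYS}
    for key, name in BIOS_VALUES:
        wanted.setdefault(key, []).append(name)
    snapshot = {}
    for path, names in wanted.items():
        hive, _, sub = path.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as h:
                values = {}
                for name in names:
                    try:
                        values[name] = winreg.QueryValueEx(h, name)[0]
                    except OSError:
                        pass
                snapshot[path] = values
        except OSError:
            continue  # key absent: nothing for the check to find
    return snapshot


# Constructed snapshots (not taken from the sample run) for offline use.
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.14 VBE"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
}
BARE_METAL = {
    r"HKLM\HARDWARE\ACPI\DSDT\DELL__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["DELL   - 1072009"]},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Dell Inc.",
        "SystemProductName": "Latitude 7420",
    },
}
WINE_HOST = {r"HKCU\Software\Wine": {}, r"HKLM\HARDWARE\DESCRIPTION\System": {}}

if __name__ == "__main__":
    for label, snap in [("vbox", VBOX_GUEST), ("bare", BARE_METAL), ("live", read_live_snapshot())]:
        if snap is not None:
            print(label, looks_like_sandbox(snap), check_registry(snap))
```

Run on a Windows analysis VM, the script reports which of these artifacts the VM exposes; each hit is a value an analyst would want to rename or strip from the guest before detonating samples like this one, since any single hit is enough for the sample's check to fire.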

MITRE ATT&CK Enterprise v15

Tasks