General

  • Target

    5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92.exe

  • Size

    2.2MB

  • Sample

    240415-bjxydadc6y

  • MD5

    ae4a0b8242ec37581fa326da6db5fff0

  • SHA1

    97a1c0b57bd8388b225011a5184f75a987ca166d

  • SHA256

    5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92

  • SHA512

    653332d7decb1809806302de9157af84a69fc94828e5b1b847e2d8bb13df967d3429338388122c65efcc41ad5cb190c27264dc81b86fde08b668dc706de0fa99

  • SSDEEP

    49152:YSUl6vD5DxN6HHLJ9tomDSnExghWNvEGDc8FtPGMyEh/rrwor9bJxHYn:YSSwD5DxkiHEqeX7tu7EpoeJxE

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92.exe

    • Size

      2.2MB

    • MD5

      ae4a0b8242ec37581fa326da6db5fff0

    • SHA1

      97a1c0b57bd8388b225011a5184f75a987ca166d

    • SHA256

      5ef309cc3e94220f5502a470648a02bdad53938098a02f3d333ee45267a0db92

    • SHA512

      653332d7decb1809806302de9157af84a69fc94828e5b1b847e2d8bb13df967d3429338388122c65efcc41ad5cb190c27264dc81b86fde08b668dc706de0fa99

    • SSDEEP

      49152:YSUl6vD5DxN6HHLJ9tomDSnExghWNvEGDc8FtPGMyEh/rrwor9bJxHYn:YSSwD5DxkiHEqeX7tu7EpoeJxE

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks