General

  • Target

    d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff.exe

  • Size

    2.2MB

  • Sample

    240415-br1z1aah52

  • MD5

    3dd4ded8937cf515194fe34d4382d949

  • SHA1

    a97cd2bfa68c4418cb4ae871a66dc9c4205b0da3

  • SHA256

    d55963645f59ad463ef56f97933de1acceede3aa831c1e0b3a0ecb53011bf5ff

  • SHA512

    986f3d7b325b659800843e250390b775c0527e74b1250cf13fe36dfac82da9a74eb1eccd45de49d10040837dd516e08fb3fb21b39f9a246fc4bf6d467fa9da2c

  • SSDEEP

    49152:XSUl6vD5DxN6HHLJ9tiOZSwyomaCju4Y7w4yQQ+G4hSGs:XSSwD5DxkMcfUu4YwQZGkds

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks