General
- Target: 5c61452e6df0966976625ace750e65105982e2ad39d4839355d8683f003b08cf
- Size: 2.1MB
- Sample: 240415-e24enaha51
- MD5: 041e222f8d970e6006bf5fd21bafd2ab
- SHA1: ddd188687a34a9ee007f0ade2b1660b9667adfeb
- SHA256: 5c61452e6df0966976625ace750e65105982e2ad39d4839355d8683f003b08cf
- SHA512: a80bc7120f8bc1650c05a9d78a1874761698cf043b91d759bde79eb9c2948c30cd8c9f5417c3dfa86362a09036ef007c1e08d1b2ed86289501155767a93e07f2
- SSDEEP: 49152:WSUl6vD5DxN6HHLJ9tKvKXcFImPIATv8KuwQshEm9gARy/59mGaJo:WSSwD5DxkUymImZU8NhEmSARGm
Static task: static1
Behavioral task: behavioral1
- Sample: 5c61452e6df0966976625ace750e65105982e2ad39d4839355d8683f003b08cf.exe
- Resource: win10v2004-20240412-en
Behavioral task: behavioral2
- Sample: 5c61452e6df0966976625ace750e65105982e2ad39d4839355d8683f003b08cf.exe
- Resource: win11-20240412-en
Malware Config
Extracted
- Family: risepro
- C2: 147.45.47.93:58709
Targets
- Target: 5c61452e6df0966976625ace750e65105982e2ad39d4839355d8683f003b08cf (2.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger