General

  • Target

    c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7

  • Size

    2.2MB

  • Sample

    240415-hmpvhabe7s

  • MD5

    fc4c1a9c7a71d75085af4407cbf24cdc

  • SHA1

    cbb930a5c7fb5af47037611298acefab156f749f

  • SHA256

    c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7

  • SHA512

    308d7f62ca3cec26b633bf5264092fb218d9524f4d2b7b69315d5af20a953b4800338871ce738629ffa1c216862c8fd96ff15f51274e92e8dead5347e37e8cb1

  • SSDEEP

    49152:vSUl6vD5DxN6HHLJ9tcLQkdJAC0KlaWXDANOyxZzu0LAl:vSSwD5DxkZkoC0+aQkfcl

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7

    • Size

      2.2MB

    • MD5

      fc4c1a9c7a71d75085af4407cbf24cdc

    • SHA1

      cbb930a5c7fb5af47037611298acefab156f749f

    • SHA256

      c5d923ed563139b688f4851bf18eb5335979bdbb909a5e761c5c16e552d6ffc7

    • SHA512

      308d7f62ca3cec26b633bf5264092fb218d9524f4d2b7b69315d5af20a953b4800338871ce738629ffa1c216862c8fd96ff15f51274e92e8dead5347e37e8cb1

    • SSDEEP

      49152:vSUl6vD5DxN6HHLJ9tcLQkdJAC0KlaWXDANOyxZzu0LAl:vSSwD5DxkZkoC0+aQkfcl

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks