General

  • Target

    60d519f6102d10fb77719485db128f0648169570e51f7574a20ece8e65f961db

  • Size

    2.2MB

  • Sample

    240415-jq8mfscc6z

  • MD5

    bceac58730411c72be03fa0f34ed64ab

  • SHA1

    4f90bd7b5d36858965793fcaa538e3c0bd937227

  • SHA256

    60d519f6102d10fb77719485db128f0648169570e51f7574a20ece8e65f961db

  • SHA512

    4e4f702c6022d42b25ba9544c4655b60164243c8fcb716a918d501eb8ec115d5bffb152b9f2cf158879918e6b72176c7e5d4f2e6b3af999915d5ad66d2bbad27

  • SSDEEP

    49152:KSUl6vD5DxN6HHLJ9taKrOG+jPSopfyQKTQw5X5ysu:KSSwD5Dxk3yj4+

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose OEM ID is VBOX__ under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT, SSDT). Enumerating these keys is a common virtual-machine check.

    • Checks BIOS information in registry

      SMBIOS strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS (SystemManufacturer, SystemProductName, BIOSVendor) are often read to detect virtual machines and sandboxes, whose firmware strings typically name the hypervisor.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; it registers itself under HKCU\Software\Wine, so the key's presence alone identifies it.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering exceptions and single-step events to an attached debugger, an anti-debugging technique that legitimate software rarely needs.
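The four checks listed above, re-implemented in Python as an added example; this is not code from the sample, the report or the sandbox's signature engine. It assumes the well-known registry locations these signatures read (VirtualBox's ACPI tables under HKLM\HARDWARE\ACPI\<table>\VBOX__, the SMBIOS strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS, and Wine's Software\Wine key), the snapshots at the bottom are constructed test data rather than values captured from this sample, and the function and constant names are my own. `detect_environment` runs offline against a snapshot dict; `live_snapshot` and `hide_current_thread_from_debugger` only do real work on Windows.

```python
"""Anti-analysis checks flagged above, re-implemented as an added illustration.
This is neither the sample's own code nor the sandbox's signature logic; the
registry paths are the well-known locations such checks read, and every
snapshot below is constructed test data, not output captured from the sample."""
import ctypes
import sys

# VirtualBox stamps its ACPI tables with the OEM ID "VBOX__" and Windows exposes
# each table under HKLM\HARDWARE\ACPI\<table>\<OemId>, so a registry read alone
# reveals the VM. Extend ACPI_VM_OEM_IDS with other hypervisors' OEM IDs as needed.
ACPI_TABLES = ("DSDT", "FADT", "RSDT", "SSDT")
ACPI_VM_OEM_IDS = {"VBOX__": "VirtualBox"}

# SMBIOS strings the kernel copies into the registry at boot.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor")
BIOS_VM_MARKERS = ("virtualbox", "innotek", "vmware", "qemu", "bochs", "xen")

# Wine creates these keys in every prefix; their presence alone identifies it.
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")

# ThreadHideFromDebugger is THREADINFOCLASS 0x11; after the call the thread no
# longer delivers exceptions or single-step events to an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


def detect_environment(snapshot):
    """Return the indicators that fire against a registry snapshot.

    `snapshot` maps a full key path to a dict of value-name -> data (empty
    when only the key's existence matters, as for the ACPI and Wine checks).
    """
    findings = []
    for table in ACPI_TABLES:
        for oem_id, product in ACPI_VM_OEM_IDS.items():
            if rf"HKLM\HARDWARE\ACPI\{table}\{oem_id}" in snapshot:
                findings.append(f"acpi:{table}:{product}")
    bios = snapshot.get(BIOS_KEY, {})
    for name in BIOS_VALUES:
        data = str(bios.get(name, "")).lower()
        findings += [f"bios:{name}:{m}" for m in BIOS_VM_MARKERS if m in data]
    findings += [f"wine:{key}" for key in WINE_KEYS if key in snapshot]
    return findings


def live_snapshot():
    """Read the same keys from the real registry (Windows only; {} elsewhere)."""
    if not sys.platform.startswith("win"):
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    wanted = [rf"HKLM\HARDWARE\ACPI\{t}\{o}" for t in ACPI_TABLES for o in ACPI_VM_OEM_IDS]
    snapshot = {}
    for path in wanted + [BIOS_KEY, *WINE_KEYS]:
        hive, _, subkey = path.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                snapshot[path] = {}
                for name in (BIOS_VALUES if path == BIOS_KEY else ()):
                    try:
                        snapshot[path][name] = winreg.QueryValueEx(key, name)[0]
                    except OSError:
                        pass  # value not present on this machine
        except OSError:
            pass  # key absent: nothing to record
    return snapshot


def hide_current_thread_from_debugger():
    """NtSetInformationThread(GetCurrentThread(), ThreadHideFromDebugger, NULL, 0).

    Returns the NTSTATUS (0 is STATUS_SUCCESS) on Windows and None elsewhere.
    """
    if not sys.platform.startswith("win"):
        return None
    kernel32, ntdll = ctypes.WinDLL("kernel32"), ctypes.WinDLL("ntdll")
    kernel32.GetCurrentThread.restype = ctypes.c_void_p
    ntdll.NtSetInformationThread.argtypes = (ctypes.c_void_p, ctypes.c_int,
                                             ctypes.c_void_p, ctypes.c_ulong)
    ntdll.NtSetInformationThread.restype = ctypes.c_long
    return ntdll.NtSetInformationThread(kernel32.GetCurrentThread(),
                                        THREAD_HIDE_FROM_DEBUGGER, None, 0)


# Constructed snapshots standing in for a VirtualBox guest, a Wine prefix and
# bare metal; none of these values were captured from the sample's run.
VBOX_GUEST_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"},
}
WINE_SNAPSHOT = {r"HKCU\Software\Wine": {}}
BARE_METAL_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\LENOVO": {},
    BIOS_KEY: {"SystemManufacturer": "LENOVO", "SystemProductName": "20XW"},
}
```

On a VirtualBox guest, `detect_environment(live_snapshot())` returns the ACPI and BIOS findings; on bare metal it returns an empty list. For the analyst, the same keys are where a sandbox should spoof values if the sample must run to its C2 stage, and a ThreadHideFromDebugger call is the cue to hook NtSetInformationThread (or patch the information class) before attaching a user-mode debugger.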
