General

  • Target

    0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a

  • Size

    2.2MB

  • Sample

    240415-pl2w1aec98

  • MD5

    3e05d8293a1ce48cef6934688203c900

  • SHA1

    0a0e9bd11cb5c68dc844039a2561dbefd2869a12

  • SHA256

    0b30eda7a987375bf37a0ed135e54a9d4be112417a997f60e6d52b1167584e8a

  • SHA512

    c47604f45b86e2fd08f672bec4755fdd800d832598dd89372ba84a0dd78cdf914991ecf499c0d490c90f1a87a90691568e1b8abc9671f93ffb9ae1c29ac6a00a

  • SSDEEP

    49152:zSUl6vD5DxN6HHLJ9t/HnxmFrBxM7ynRnyiFHiygCUAOywfWdc:zSSwD5DxkVHxm+yRnJHiVCUvFK

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks