General

  • Target

    ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e

  • Size

    2.2MB

  • Sample

    240415-q5agjaab31

  • MD5

    1f2937b9edd71534942682b3305f0a32

  • SHA1

    9e70078519f0f3132ffefbc5d58ea0da202bc375

  • SHA256

    ca66f8a63454e4d1290d83cf81b5944f31e633be006c8e81fc8eb879c5bb429e

  • SHA512

    ca39f160bedb51b0b5fcfde729d4a663590145ccb98749e0f132b7a8e8fecc0e3c96bd434acdcfcd841430298ec00ed884a3e23b649318e5b32d75880d924363

  • SSDEEP

    49152:zSUl6vD5DxN6HHLJ9tKacnUhioOPmeFLNOSG6ANuBM1nrJU/x684ahd2bs7sE3IH:zSSwD5Dxk0asU+mCFG6FBgS/xGaWs7V4

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks