General

  • Target

    5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3

  • Size

    2.1MB

  • Sample

    240415-q5g7daab4y

  • MD5

    5e123c2bc2d04c0eab91f655b6b9b310

  • SHA1

    7d7a51385ca8d3b2867c9678351d9729e8229bd2

  • SHA256

    5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3

  • SHA512

    065f5c5757d7ac055f313e38f022368a36a700d0a1f9e56ec87f034d34f1a54d8041e465a146bba696985130d5024b53250a352dc5b21a748be89cfaba9ef24e

  • SSDEEP

    49152:4SUl6vD5DxN6HHLJFwTe5gw+HvL+D6isnuRtbgdeHKFSC8J:4SSwD5Dxk5+HvduRtsduH

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3

    • Size

      2.1MB

    • MD5

      5e123c2bc2d04c0eab91f655b6b9b310

    • SHA1

      7d7a51385ca8d3b2867c9678351d9729e8229bd2

    • SHA256

      5fe1699bfd32b3d6cc5aca8eec305ff55ca79110907f529004b331580f25e9e3

    • SHA512

      065f5c5757d7ac055f313e38f022368a36a700d0a1f9e56ec87f034d34f1a54d8041e465a146bba696985130d5024b53250a352dc5b21a748be89cfaba9ef24e

    • SSDEEP

      49152:4SUl6vD5DxN6HHLJFwTe5gw+HvL+D6isnuRtbgdeHKFSC8J:4SSwD5Dxk5+HvduRtsduH

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks