General
-
Target
a9404a144e58b77e1c9e8970366e84b02efbb4a84323e1ef4e4716ce4f278c2f
-
Size
2.1MB
-
Sample
240415-r7mejsha82
-
MD5
45c9947ef422c82eef302c4062d414c4
-
SHA1
9b8360f61e01e08992a2c1116b4478c603d483c9
-
SHA256
a9404a144e58b77e1c9e8970366e84b02efbb4a84323e1ef4e4716ce4f278c2f
-
SHA512
2d85007889387af1ff881ca29453f57cb0deb30cb27c97755b7e5567dc9d56bc348c17d268c7e45de432f8ace3c598ed2ba3a8948daf474006bdc44f04445f8d
-
SSDEEP
49152:QSUl6vD5DxN6HHLJFwL63xB239dKwQoaGO0QIS8KRWWSLhnnr2+:QSSwD5DxkmNNdtFaNd49rT
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
a9404a144e58b77e1c9e8970366e84b02efbb4a84323e1ef4e4716ce4f278c2f
-
Size
2.1MB
-
MD5
45c9947ef422c82eef302c4062d414c4
-
SHA1
9b8360f61e01e08992a2c1116b4478c603d483c9
-
SHA256
a9404a144e58b77e1c9e8970366e84b02efbb4a84323e1ef4e4716ce4f278c2f
-
SHA512
2d85007889387af1ff881ca29453f57cb0deb30cb27c97755b7e5567dc9d56bc348c17d268c7e45de432f8ace3c598ed2ba3a8948daf474006bdc44f04445f8d
-
SSDEEP
49152:QSUl6vD5DxN6HHLJFwL63xB239dKwQoaGO0QIS8KRWWSLhnnr2+:QSSwD5DxkmNNdtFaNd49rT
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-