General

  • Target

    b86a1826dcb480327e94708e9278eee024f2b3c2c2dbed17b9944d62888385aa

  • Size

    2.2MB

  • Sample

    240415-vccteabc38

  • MD5

    495d0121487de5a44c557a3209d842ec

  • SHA1

    a2a0dbe3b86ae87c2f3c039b4914e0720e48a9bd

  • SHA256

    b86a1826dcb480327e94708e9278eee024f2b3c2c2dbed17b9944d62888385aa

  • SHA512

    160f684ef6e66479a22177cfd2b1e6f2404d310f33f97eb2a3cc4545368a93277002b37822efa90c7ded6608b72bf03d627aed228447e980c56b32d5cb1502ba

  • SSDEEP

    49152:aSUl6vD5DxN6HHLJFwsMQF/Oc5hLD3oJX0SCqBojG37b0GKGe5XyKc:aSSwD5DxkVbV30ESCqTMWwX1c

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      b86a1826dcb480327e94708e9278eee024f2b3c2c2dbed17b9944d62888385aa

    • Size

      2.2MB

    • MD5

      495d0121487de5a44c557a3209d842ec

    • SHA1

      a2a0dbe3b86ae87c2f3c039b4914e0720e48a9bd

    • SHA256

      b86a1826dcb480327e94708e9278eee024f2b3c2c2dbed17b9944d62888385aa

    • SHA512

      160f684ef6e66479a22177cfd2b1e6f2404d310f33f97eb2a3cc4545368a93277002b37822efa90c7ded6608b72bf03d627aed228447e980c56b32d5cb1502ba

    • SSDEEP

      49152:aSUl6vD5DxN6HHLJFwsMQF/Oc5hLD3oJX0SCqBojG37b0GKGe5XyKc:aSSwD5DxkVbV30ESCqTMWwX1c

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks