General

  • Target: 45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20
  • Size: 2.1MB
  • Sample: 240415-xnvjpsde68
  • MD5: 4f2dd0fb9561fe1fc90c92b1da92753c
  • SHA1: 46a64c4177defbaabfca42f1ef63bb38897ed462
  • SHA256: 45cf67c6f278a7e910b22b4688e27d70cac194fa4f8115bf7ea23963e342be20
  • SHA512: bfbe25494f88e81aa6e468ba9168b30ca418fe52617a99c17f6582f81ee4a3ee5fa02acac8a6bd7f8bd92f9406f6865388374728e42a9d518faf214833dd89a5
  • SSDEEP: 49152:TSUl6vD5DxN6HHLJFw0z/A+47Im3lr8UyY17BUDRadHF:TSSwD5DxkXf4p3OU1aRadH

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks