General

  • Target

    bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e

  • Size

    2.1MB

  • Sample

    240415-y7y7nsfd58

  • MD5

    905e43cade568907aaf2e0f0d43769b0

  • SHA1

    5d6088097b8dc5919d825691ab2e8da74798deb1

  • SHA256

    bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e

  • SHA512

    30ebd7e1e2eb844ff76f10e54ee5f3c835dad1912b9a5f01b94e605d157f09ed149a87ddb06b7cf9c497c0ad72a0ff2d4d2bb07130c8aa4d17bbe03007899ecb

  • SSDEEP

    49152:xSUl6vD5DxN6HHLJ9tul7GW+uAmWThJZqeuFwh04uUxpS5Ad/F3CpDA9cd:xSSwD5Dxkg7G6+ThJZqeua4OpzsDAO

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      bad9f99bcf91e8497a5af120cd42218b94b1ef151ab29065e3f4c3eb91c71a0e

    • RisePro

      RisePro is an information stealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI\<table>\VBOX__; opening those keys is a common check for a VirtualBox guest.

    • Checks BIOS information in registry

      BIOS version and vendor strings (HKLM\HARDWARE\DESCRIPTION\System) name the hypervisor or sandbox vendor, so they are often read in order to detect analysis environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the calling thread from delivering debug events, so an attached debugger loses visibility of it; legitimate software rarely needs this.
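
The detection side of the four anti-analysis signatures above, as an added example that is not part of this report or of any sandbox's own signature engine: it scans a user-mode API trace for the registry reads and the NtSetInformationThread information class (ThreadHideFromDebugger = 0x11) those signatures describe. The trace format ("pid, API name, arguments" per line), the process id and the argument strings are assumptions, and the sample trace is constructed; the registry locations are the standard ones these checks target (HKLM\HARDWARE\ACPI\*\VBOX__, HKLM\HARDWARE\DESCRIPTION\System, HKCU\Software\Wine).

```python
import re

# Constructed sample of a user-mode API trace (illustrative, not taken from the report).
# Assumed format: "<pid>\t<api>\t<args>" per line, as a generic sandbox monitor might emit.
SAMPLE_TRACE = """\
1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__
1234\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
1234\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
1234\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Wine
1234\tNtSetInformationThread\tThreadHandle=0xfffffffe ThreadInformationClass=0x11
1234\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
1234\tNtSetInformationThread\tThreadHandle=0x1a8 ThreadInformationClass=0x4
"""

HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
}

# (signature name, regex on the API name, regex on the normalized argument string)
_RAW_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     r"^Reg(OpenKey|QueryValue)",
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks BIOS information in registry",
     r"^Reg(OpenKey|QueryValue)",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
     r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|SystemManufacturer|"
     r"SystemProductName|BIOSVendor|BIOSVersion)$"),
    ("Identifies Wine through registry keys",
     r"^Reg(OpenKey|QueryValue)",
     r"^HK(LM|CU)\\Software\\Wine(\\|$)"),
    # ThreadHideFromDebugger is THREADINFOCLASS 0x11; only that class is suspicious,
    # other NtSetInformationThread calls (priority, affinity, ...) are routine.
    ("Suspicious use of NtSetInformationThread(ThreadHideFromDebugger)",
     r"^NtSetInformationThread$",
     r"\bThreadInformationClass=0x0*11\b"),
]
SIGNATURES = [(name, re.compile(api_re), re.compile(arg_re, re.IGNORECASE))
              for name, api_re, arg_re in _RAW_SIGNATURES]


def normalize_reg_path(path):
    """Map a full hive name to its short form so rules can be written with HKLM/HKCU."""
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive.upper()) + sep + rest


def parse_trace(text):
    """Yield (pid, api, args) tuples; registry paths are normalized on the way out."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("\t", 2)
        if api.startswith("Reg"):
            args = normalize_reg_path(args)
        yield int(pid), api, args


def scan_trace(text):
    """Return {signature name: [matching argument strings]} for the whole trace."""
    hits = {}
    for _pid, api, args in parse_trace(text):
        for name, api_re, arg_re in SIGNATURES:
            if api_re.search(api) and arg_re.search(args):
                hits.setdefault(name, []).append(args)
    return hits


def anti_analysis_verdict(hits):
    """Environment fingerprinting combined with debugger evasion is a stronger
    indicator than either alone; a single BIOS read on its own is common in
    benign installers, so it only rates medium."""
    env_checks = sum(1 for n in hits if "NtSetInformationThread" not in n)
    debug_evasion = any("NtSetInformationThread" in n for n in hits)
    if env_checks and debug_evasion:
        return "high"
    if env_checks or debug_evasion:
        return "medium"
    return "none"


if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for name, evidence in found.items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
    print("verdict:", anti_analysis_verdict(found))
```

The Run-key open and the NtSetInformationThread call with class 0x4 in the sample trace are deliberately benign noise and produce no hit; a production rule set would also accept the decimal form of the information class and the NtOpenKey/NtQueryValueKey native variants, which this example leaves out.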

MITRE ATT&CK Enterprise v15

Tasks