General
- Target: 8bf479950a1a7fc038fc6422702b61d269e15c02b5127386185448b6541c41bc
- Size: 2.2MB
- Sample: 240417-3epjzsaf3z
- MD5: 769ccc1f05dbd4f51682c95b1ffd9eaa
- SHA1: d7759e8c9c8d8a72a792444ced1f81e11f37d850
- SHA256: 8bf479950a1a7fc038fc6422702b61d269e15c02b5127386185448b6541c41bc
- SHA512: 1bc6e88ef41a5d00de581e2d7380095b5926a71b483471ae414983c0036432a90375de5f50b41b099c3d7351302d8eb57176181e5f4ef0d8f871b90251ee4641
- SSDEEP: 49152:3eF1xn14/Jkbt092J3zoL05wZ6XIotn7Tf2B/AKQgU:O1xn1bbtCyTWro9f2FU
Static task: static1
Behavioral task: behavioral1
- Sample: 8bf479950a1a7fc038fc6422702b61d269e15c02b5127386185448b6541c41bc.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted: risepro
- 147.45.47.93:58709
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger