General
-
Target
38ba00a799f89b7e2b7034fb9ab3e28a092d2a14488b14ab99e644a1400bd27b
-
Size
2.2MB
-
Sample
240419-h9ps1scg31
-
MD5
b8fc8142e2950c8ee558f446de9d8f05
-
SHA1
f35ac9944df661f46a362b0834ae7f8745e2435e
-
SHA256
38ba00a799f89b7e2b7034fb9ab3e28a092d2a14488b14ab99e644a1400bd27b
-
SHA512
924cc44855e55eac8ab23730f2159a9b24d6ea35a4b6c79bc5f2fcf559b90adb47ee8715cfd64a3756bbe60f06752aacc4b26b039821800a5223a64a2ceced42
-
SSDEEP
49152:PeF1xn14/SHbQ0B74TJ4eJvG6hMeQ2Zwkw0ml2ztj4U:m1xn11HbQ0mJLhDh/dB14U
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
38ba00a799f89b7e2b7034fb9ab3e28a092d2a14488b14ab99e644a1400bd27b
-
Size
2.2MB
-
MD5
b8fc8142e2950c8ee558f446de9d8f05
-
SHA1
f35ac9944df661f46a362b0834ae7f8745e2435e
-
SHA256
38ba00a799f89b7e2b7034fb9ab3e28a092d2a14488b14ab99e644a1400bd27b
-
SHA512
924cc44855e55eac8ab23730f2159a9b24d6ea35a4b6c79bc5f2fcf559b90adb47ee8715cfd64a3756bbe60f06752aacc4b26b039821800a5223a64a2ceced42
-
SSDEEP
49152:PeF1xn14/SHbQ0B74TJ4eJvG6hMeQ2Zwkw0ml2ztj4U:m1xn11HbQ0mJLhDh/dB14U
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-