General

  • Target

    a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f

  • Size

    8.6MB

  • Sample

    240425-2cnz1aga28

  • MD5

    c49a9a589af8da0d09c69670b2579ab9

  • SHA1

    51a936428711d9bd1307ffd3e75436a0e4568eb2

  • SHA256

    a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f

  • SHA512

    4dcd6ca8c62466f18564e2b5b068238769603df2624b9b39d0f11aa7ff643bd09a51a2a16252c31b1b4ad8d0577ab8d8d9d91e93fdfa886121c37801788bd78c

  • SSDEEP

    196608:aOVNWi1IoE6S5MBjgluihHc4+oueCxQ/sfA84JmQGOVDm2:aOVwim8S5MykihHcYueCxQIA84JfLDm2

Malware Config

Extracted

Family

risepro

C2

193.233.132.226:50500

Targets

    • Detects DLL dropped by Raspberry Robin.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks