General
-
Target
8d0deea181a7b0fc482cdd88a463c489f7a066f76f43ea5e65305471cc00cb45
-
Size
2.2MB
-
Sample
240425-dwcjbaef3s
-
MD5
94624a695903186764f9b127f7aa24aa
-
SHA1
eec837c48cd0c5b0422637094993a908a831c629
-
SHA256
8d0deea181a7b0fc482cdd88a463c489f7a066f76f43ea5e65305471cc00cb45
-
SHA512
a6aab5f64781c7466031cb371570aa127a3bf7c15f5ad536c2f5813a1c1f5957edb06583f2d1673df923b27b93fd969ad4858d96eb34f979ddabd0c8a43c483d
-
SSDEEP
49152:reF1xn14/4iz/2//2pjHpPhDwteoSX7fKCLndy61A/fnU:K1xn1RiL23KFJDzLf9InU
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
8d0deea181a7b0fc482cdd88a463c489f7a066f76f43ea5e65305471cc00cb45
-
Size
2.2MB
-
MD5
94624a695903186764f9b127f7aa24aa
-
SHA1
eec837c48cd0c5b0422637094993a908a831c629
-
SHA256
8d0deea181a7b0fc482cdd88a463c489f7a066f76f43ea5e65305471cc00cb45
-
SHA512
a6aab5f64781c7466031cb371570aa127a3bf7c15f5ad536c2f5813a1c1f5957edb06583f2d1673df923b27b93fd969ad4858d96eb34f979ddabd0c8a43c483d
-
SSDEEP
49152:reF1xn14/4iz/2//2pjHpPhDwteoSX7fKCLndy61A/fnU:K1xn1RiL23KFJDzLf9InU
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-