General
-
Target
8790223fcc9a908e5a084da0291ab544c19fb1b2e222c814ca5a1ea085dcdd19
-
Size
2.3MB
-
Sample
240427-kf6ksaeh65
-
MD5
ced3a0dd74446ad08f2bd723aef771ce
-
SHA1
a770add11c13a3a0f5d46e1045efb55d2c9a8fa3
-
SHA256
8790223fcc9a908e5a084da0291ab544c19fb1b2e222c814ca5a1ea085dcdd19
-
SHA512
6ce288f0c4ba328e5b61172fd930ae4fcd6485762300120fbd33d9409bd25c0d42e8bd455cecfc335a7a9a2f104045a5a6b8bef7ea92eff6895c178021731ea8
-
SSDEEP
49152:gg69SebPPiKgYyV87WNAiYuaytP4Nm+PPJ4WsfwWEN:gg69SebiTkYWTnJvsfwWE
Malware Config
Targets
-
-
Target
8790223fcc9a908e5a084da0291ab544c19fb1b2e222c814ca5a1ea085dcdd19
-
Size
2.3MB
-
MD5
ced3a0dd74446ad08f2bd723aef771ce
-
SHA1
a770add11c13a3a0f5d46e1045efb55d2c9a8fa3
-
SHA256
8790223fcc9a908e5a084da0291ab544c19fb1b2e222c814ca5a1ea085dcdd19
-
SHA512
6ce288f0c4ba328e5b61172fd930ae4fcd6485762300120fbd33d9409bd25c0d42e8bd455cecfc335a7a9a2f104045a5a6b8bef7ea92eff6895c178021731ea8
-
SSDEEP
49152:gg69SebPPiKgYyV87WNAiYuaytP4Nm+PPJ4WsfwWEN:gg69SebiTkYWTnJvsfwWE
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-