General
-
Target
9c51cf022c30a213be00dd998993863a258ab33dfa07c73aaacfe93efccd3dc0
-
Size
5.2MB
-
Sample
240427-mky3lsgf88
-
MD5
a7995b98daf0e9d5cdab05f6b1a9ee31
-
SHA1
266d76d49c0710cb97abb768e1da3bf78714dc94
-
SHA256
9c51cf022c30a213be00dd998993863a258ab33dfa07c73aaacfe93efccd3dc0
-
SHA512
42a6cedc22a71a529136f6d8341b4f5c12ffd36b95d330009f552128ccda5ae3182a15d48b8b6602fbe1fbba8729e242ff474eefbcf8352b8bf13cd5eed048e8
-
SSDEEP
98304:XBlS1ZmJOYBOtV6AveId9yHeaJz0zvNoUHgKSv2CXd7k+UyzzL7TRkPdP:XEyEV6hciz0zvNzS2CXd7LZkFP
Malware Config
Extracted
risepro
193.233.132.226:50500
Targets
-
-
Target
9c51cf022c30a213be00dd998993863a258ab33dfa07c73aaacfe93efccd3dc0
-
Size
5.2MB
-
MD5
a7995b98daf0e9d5cdab05f6b1a9ee31
-
SHA1
266d76d49c0710cb97abb768e1da3bf78714dc94
-
SHA256
9c51cf022c30a213be00dd998993863a258ab33dfa07c73aaacfe93efccd3dc0
-
SHA512
42a6cedc22a71a529136f6d8341b4f5c12ffd36b95d330009f552128ccda5ae3182a15d48b8b6602fbe1fbba8729e242ff474eefbcf8352b8bf13cd5eed048e8
-
SSDEEP
98304:XBlS1ZmJOYBOtV6AveId9yHeaJz0zvNoUHgKSv2CXd7k+UyzzL7TRkPdP:XEyEV6hciz0zvNzS2CXd7LZkFP
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-