General

  • Target

    f863465eb55cffc0feada8789f825e7f597f3ffab0987dea31510f471961d461

  • Size

    5.7MB

  • Sample

    240430-lpkkcahc39

  • MD5

    15cadd15b0a9aaa2fd551da56d8941f6

  • SHA1

    b1608f216ba2aafea9327ac8e47009ceaf69ec06

  • SHA256

    f863465eb55cffc0feada8789f825e7f597f3ffab0987dea31510f471961d461

  • SHA512

    b948190804951c70d286735efd35bffba2016130c7bc986a5d6e1dbc7e51851329a5b9a5ec18e7cbc9dc408009866658f54aafedf5fc54ceb23768d96251e8b1

  • SSDEEP

    98304:VFveMolnlWis7IV/vH7rtLay8N2Vu74RwddGB7STFXZw5p+oHcUVAI25q0u:VxDoln4isu/vH7rh2l4RwdvJ88RI25lu

Malware Config

Extracted

Family

risepro

C2

193.233.132.253:50500

Targets

    • RisePro

      RisePro is an information stealer that is commonly distributed through the PrivateLoader pay-per-install loader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose their ACPI tables under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, so a read of those keys is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS strings such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System are often read to detect sandboxes and virtual machines, because on a guest their values typically name the hypervisor.

    • Checks whether UAC is enabled

      The EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System records whether UAC is enabled; malware reads it to learn whether an elevation attempt will prompt the user.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, which is a common anti-debugging technique.
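
The signatures above are behaviour-based, so the natural check for a practitioner is to run the same matching logic over a sandbox behaviour trace. The script below is an added example, not code from the sandbox or from any RisePro analysis: it matches constructed event records against the four anti-analysis signatures listed above and against the C2 from the extracted config. The event field names (api, key, value, info_class, dst, port), the specific registry values assumed for the BIOS and UAC checks, and the ATT&CK technique mapping are this example's own assumptions; the report does not show the exact values the sample read.

```python
"""Added example, not part of the sandbox report: match sandbox behaviour
events against the anti-analysis signatures and extracted C2 listed above.
The event dictionaries and their field names are constructed for illustration
and are not a real sandbox's log schema; the ATT&CK IDs are this example's
own mapping, not one the report supplies."""
import re
from dataclasses import dataclass

# Registry locations the signatures refer to.  VirtualBox exposes its ACPI
# tables under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__; BIOS strings live
# under HKLM\HARDWARE\DESCRIPTION\System; UAC state is EnableLUA under the
# Policies\System key.  These are the usual candidates (assumption), since
# the report does not show the exact values the sample queried.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS value 17
C2 = ("193.233.132.253", 50500)    # from the extracted risepro config above


@dataclass(frozen=True)
class Finding:
    signature: str   # wording of the report's signature
    technique: str   # ATT&CK Enterprise ID (this example's mapping)
    evidence: str    # the event field that triggered the match


def _same_key(a, b):
    """Case-insensitive registry key comparison, ignoring a trailing slash."""
    return a.rstrip("\\").lower() == b.rstrip("\\").lower()


def classify(events):
    """Return one Finding per distinct signature raised by the event list."""
    found = []
    for ev in events:
        api = ev.get("api", "")
        key = ev.get("key", "")
        value = ev.get("value", "")
        f = None
        if api.startswith("Reg") and VBOX_ACPI_RE.match(key):
            f = Finding("Identifies VirtualBox via ACPI registry values", "T1497.001", key)
        elif api.startswith("Reg") and _same_key(key, BIOS_KEY) and value.lower() in BIOS_VALUES:
            f = Finding("Checks BIOS information in registry", "T1497.001", f"{key}\\{value}")
        elif api.startswith("Reg") and _same_key(key, UAC_KEY) and value.lower() == "enablelua":
            f = Finding("Checks whether UAC is enabled", "T1012", f"{key}\\{value}")
        elif api == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            f = Finding("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622",
                        "ThreadInformationClass=0x11")
        elif api == "connect" and (ev.get("dst"), ev.get("port")) == C2:
            f = Finding("Contacts extracted RisePro C2", "T1571", f"{C2[0]}:{C2[1]}")
        # keep the first piece of evidence per signature
        if f is not None and all(x.signature != f.signature for x in found):
            found.append(f)
    return found


# Constructed behaviour trace (not real sandbox output): the four signature
# hits, the C2 connect, and benign events that must not match (an ordinary
# registry read, a priority change through the same native API, an
# unrelated TLS connection).
SAMPLE_EVENTS = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "key": BIOS_KEY, "value": "SystemBiosVersion"},
    {"api": "RegQueryValueExW", "key": BIOS_KEY, "value": "VideoBiosVersion"},
    {"api": "RegQueryValueExW", "key": UAC_KEY, "value": "EnableLUA"},
    {"api": "RegQueryValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "value": "ShellState"},
    {"api": "NtSetInformationThread", "info_class": 0x02},   # ThreadPriority, benign
    {"api": "NtSetInformationThread", "info_class": 0x11},   # ThreadHideFromDebugger
    {"api": "connect", "dst": "93.184.216.34", "port": 443},
    {"api": "connect", "dst": "193.233.132.253", "port": 50500},
]


def run_example():
    return classify(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_example():
        print(f"[{f.technique}] {f.signature}: {f.evidence}")
```

The matcher keys on the registry path plus value name rather than on the API name alone, so a normal RegQueryValueExW elsewhere in the trace and a ThreadPriority call through NtSetInformationThread do not fire; the C2 match is exact on address and port, which is the right granularity for an indicator taken from an extracted config.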

MITRE ATT&CK Enterprise v15

Tasks