General
-
Target
f52d14dedf0caacd6ae8a786e8610ce0dafecd71107029e4976f312be939c6a8
-
Size
2.3MB
-
Sample
240501-wfwlcsce8s
-
MD5
175b0ad86027905abebee3d6c8126746
-
SHA1
3bacff75c1fbf68132bff822f37bc79b43900fa6
-
SHA256
f52d14dedf0caacd6ae8a786e8610ce0dafecd71107029e4976f312be939c6a8
-
SHA512
19967d93e22a2f78fd31c36bb099dc0de5dcd16dd11a929697fb193050de056b64bebe5672ba19e8445279073b528f18c91cc6cca79d9b1d5c927dc666ef8237
-
SSDEEP
49152:HGY5918NqwTEgTcQI0ajnbUtEjFXE2xKvSkC/cCBNoAJXWgg:8hTPWLoSJXEDPCkCBOcX
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
f52d14dedf0caacd6ae8a786e8610ce0dafecd71107029e4976f312be939c6a8
-
Size
2.3MB
-
MD5
175b0ad86027905abebee3d6c8126746
-
SHA1
3bacff75c1fbf68132bff822f37bc79b43900fa6
-
SHA256
f52d14dedf0caacd6ae8a786e8610ce0dafecd71107029e4976f312be939c6a8
-
SHA512
19967d93e22a2f78fd31c36bb099dc0de5dcd16dd11a929697fb193050de056b64bebe5672ba19e8445279073b528f18c91cc6cca79d9b1d5c927dc666ef8237
-
SSDEEP
49152:HGY5918NqwTEgTcQI0ajnbUtEjFXE2xKvSkC/cCBNoAJXWgg:8hTPWLoSJXEDPCkCBOcX
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-