General
-
Target
4fa3bafd37dfac043e0ab993bd703574cf0dabdd75fd620525a47c4e1428318f
-
Size
2.4MB
-
Sample
240514-b9c1wsed4v
-
MD5
a90dc61b12893f9a18b9aea91c395843
-
SHA1
8a31325bac7a662b81b1c5510c5f63a9b3ada9e3
-
SHA256
4fa3bafd37dfac043e0ab993bd703574cf0dabdd75fd620525a47c4e1428318f
-
SHA512
d76a96bb24b9ea883a854f2240627dfe1e7f00e5fa34a5b0b02ac0c835755452980ed954eddc47c24620f8c2c398e75ad4347cd90ff7820b3c40e9f0de9a934c
-
SSDEEP
49152:jfNYyhPNfMGphcnhnQo2fFRJxBFMhdhBwls0BSRb+yF+bgX:jXW6fhxBFMhdhBw2xo0
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
4fa3bafd37dfac043e0ab993bd703574cf0dabdd75fd620525a47c4e1428318f
-
Size
2.4MB
-
MD5
a90dc61b12893f9a18b9aea91c395843
-
SHA1
8a31325bac7a662b81b1c5510c5f63a9b3ada9e3
-
SHA256
4fa3bafd37dfac043e0ab993bd703574cf0dabdd75fd620525a47c4e1428318f
-
SHA512
d76a96bb24b9ea883a854f2240627dfe1e7f00e5fa34a5b0b02ac0c835755452980ed954eddc47c24620f8c2c398e75ad4347cd90ff7820b3c40e9f0de9a934c
-
SSDEEP
49152:jfNYyhPNfMGphcnhnQo2fFRJxBFMhdhBwls0BSRb+yF+bgX:jXW6fhxBFMhdhBw2xo0
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-