General
-
Target
4aa5c0eb58013496c8b016cc5657b490_NeikiAnalytics.exe
-
Size
2.3MB
-
Sample
240522-184jwsba3x
-
MD5
4aa5c0eb58013496c8b016cc5657b490
-
SHA1
7e3400349214d1bf1f43dfe141c6ed95f79cc6ad
-
SHA256
e3fa8fa3f7cd399e4152d585e0c558af2d921cf18a52ab533b41adf26951a40a
-
SHA512
37ecba72a4504dcc2993d52ce0a59e5682ad67eec7cd33ef3d9bd2abaaa0a582d10c0c3dd398abd3569c6cd3f45ced8c94ccbdbdcfd4600cca35c70e9cec96a2
-
SSDEEP
49152:efNYyhPNfMGphcnhn0S0nYava+53sUs+AEDKKZmBc8t9dh7Vh:gXW50n6Y3bs0K6v8tjhBh
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
4aa5c0eb58013496c8b016cc5657b490_NeikiAnalytics.exe
-
Size
2.3MB
-
MD5
4aa5c0eb58013496c8b016cc5657b490
-
SHA1
7e3400349214d1bf1f43dfe141c6ed95f79cc6ad
-
SHA256
e3fa8fa3f7cd399e4152d585e0c558af2d921cf18a52ab533b41adf26951a40a
-
SHA512
37ecba72a4504dcc2993d52ce0a59e5682ad67eec7cd33ef3d9bd2abaaa0a582d10c0c3dd398abd3569c6cd3f45ced8c94ccbdbdcfd4600cca35c70e9cec96a2
-
SSDEEP
49152:efNYyhPNfMGphcnhn0S0nYava+53sUs+AEDKKZmBc8t9dh7Vh:gXW50n6Y3bs0K6v8tjhBh
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-