General
-
Target
174b0542f7ec81deaa7cee471a9194512e04a67b5294f651d9cdf6035648d23a
-
Size
2.2MB
-
Sample
240524-1pyvascd4s
-
MD5
c60f497fb876d1c5fc585fecbaf6deb4
-
SHA1
9a6a9c8408cff0d9d9e9b923b2a5e4d965984b3c
-
SHA256
174b0542f7ec81deaa7cee471a9194512e04a67b5294f651d9cdf6035648d23a
-
SHA512
2eb06b36a3bb6a58406c03ea908ed55638062c438784d949f5626cf3d22b71c846631312cbb58c6af2d41fc25fa0725fc64668580746c4d4612dfd0a5137ef91
-
SSDEEP
49152:5kmKhyq24kI3qebVaaNDQCkdNHAqrdOcv82p1GfEZY8PAfL+8OsjQgOP:5kmKEqlkAbkYDQCOOqYcv82rGMZlIL3y
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
174b0542f7ec81deaa7cee471a9194512e04a67b5294f651d9cdf6035648d23a
-
Size
2.2MB
-
MD5
c60f497fb876d1c5fc585fecbaf6deb4
-
SHA1
9a6a9c8408cff0d9d9e9b923b2a5e4d965984b3c
-
SHA256
174b0542f7ec81deaa7cee471a9194512e04a67b5294f651d9cdf6035648d23a
-
SHA512
2eb06b36a3bb6a58406c03ea908ed55638062c438784d949f5626cf3d22b71c846631312cbb58c6af2d41fc25fa0725fc64668580746c4d4612dfd0a5137ef91
-
SSDEEP
49152:5kmKhyq24kI3qebVaaNDQCkdNHAqrdOcv82p1GfEZY8PAfL+8OsjQgOP:5kmKEqlkAbkYDQCOOqYcv82rGMZlIL3y
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-