General
-
Target
c1f1cf31b00486213e9342bfc8eb1b3f83775a419248a22de799450fab0ecfe3
-
Size
2.4MB
-
Sample
240524-bzzrxage4w
-
MD5
c31c3f1909dab9a03c3f59a8bd555b38
-
SHA1
35b649010e2d596e9147ebe995176ef8ef7bc539
-
SHA256
c1f1cf31b00486213e9342bfc8eb1b3f83775a419248a22de799450fab0ecfe3
-
SHA512
aed44e6b0ad9007d40248a6c114f8220e2bff5177c5aa0e71a8ce42ce9aa19f54b342270be9abf6ff2f89770b8993af4fa0c2b034eb1bc692346c830b1cc8fa7
-
SSDEEP
49152:yfNYyhPNfMGphcnhnsvpWvD9PJREkkvGJ9ickAacAH1e3/Zc+mhlS4fs0m:8XWaxWbtrEGJBk5BH1+x96S+
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
c1f1cf31b00486213e9342bfc8eb1b3f83775a419248a22de799450fab0ecfe3
-
Size
2.4MB
-
MD5
c31c3f1909dab9a03c3f59a8bd555b38
-
SHA1
35b649010e2d596e9147ebe995176ef8ef7bc539
-
SHA256
c1f1cf31b00486213e9342bfc8eb1b3f83775a419248a22de799450fab0ecfe3
-
SHA512
aed44e6b0ad9007d40248a6c114f8220e2bff5177c5aa0e71a8ce42ce9aa19f54b342270be9abf6ff2f89770b8993af4fa0c2b034eb1bc692346c830b1cc8fa7
-
SSDEEP
49152:yfNYyhPNfMGphcnhnsvpWvD9PJREkkvGJ9ickAacAH1e3/Zc+mhlS4fs0m:8XWaxWbtrEGJBk5BH1+x96S+
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-