General
-
Target
73ac3d3b514bd5c4090254713e3c062ed90b90cedbac5dfaf43a3156af510de4
-
Size
2.3MB
-
Sample
240524-p23hgadd3w
-
MD5
16d546f845f221893a9c7edde17f4cd0
-
SHA1
1c7bd70f4356d7bb1811b02ddb137078db1a8ff1
-
SHA256
73ac3d3b514bd5c4090254713e3c062ed90b90cedbac5dfaf43a3156af510de4
-
SHA512
6b017608db3ab1972d16ae2803899a79a01671fc7c798b1ff272a1a204c393288eccac1b2be7301f8b71cf083fdb3ce3bdd0144311ebfacc2f4960a0d41f9b84
-
SSDEEP
49152:mkmKhyq24kI3qebVa1bhWkTaHADRJFyG84i0Xn6XrW5W5vL1U/a:mkmKEqlkAbkWmq4RCGorXrWMOS
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
73ac3d3b514bd5c4090254713e3c062ed90b90cedbac5dfaf43a3156af510de4
-
Size
2.3MB
-
MD5
16d546f845f221893a9c7edde17f4cd0
-
SHA1
1c7bd70f4356d7bb1811b02ddb137078db1a8ff1
-
SHA256
73ac3d3b514bd5c4090254713e3c062ed90b90cedbac5dfaf43a3156af510de4
-
SHA512
6b017608db3ab1972d16ae2803899a79a01671fc7c798b1ff272a1a204c393288eccac1b2be7301f8b71cf083fdb3ce3bdd0144311ebfacc2f4960a0d41f9b84
-
SSDEEP
49152:mkmKhyq24kI3qebVa1bhWkTaHADRJFyG84i0Xn6XrW5W5vL1U/a:mkmKEqlkAbkWmq4RCGorXrWMOS
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-