General

  • Target

    f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377

  • Size

    2.3MB

  • Sample

    240524-wlbs5sed86

  • MD5

    698d65e4815998e97abc11b8bbb9f792

  • SHA1

    d862b1f6610cddb90a9eb4420a28a7b195919599

  • SHA256

    f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377

  • SHA512

    97c390b802be564ef08d2234a7b0ca0b1d61ca1395f0345a6afbc9665c10edfe107a1d8473acdb336a21d3164398ecdacb8948cf842ad0eb15aa2396c36132a8

  • SSDEEP

    49152:qkmKhyq24kI3qebVaf3Xyln3P6vZcmZccNuerzHgmA7lg/:qkmKEqlkAbk6F6mUxhHiG

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377

    • Size

      2.3MB

    • MD5

      698d65e4815998e97abc11b8bbb9f792

    • SHA1

      d862b1f6610cddb90a9eb4420a28a7b195919599

    • SHA256

      f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377

    • SHA512

      97c390b802be564ef08d2234a7b0ca0b1d61ca1395f0345a6afbc9665c10edfe107a1d8473acdb336a21d3164398ecdacb8948cf842ad0eb15aa2396c36132a8

    • SSDEEP

      49152:qkmKhyq24kI3qebVaf3Xyln3P6vZcmZccNuerzHgmA7lg/:qkmKEqlkAbk6F6mUxhHiG

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

1
T1082

Tasks