General
-
Target
f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377
-
Size
2.3MB
-
Sample
240524-wlbs5sed86
-
MD5
698d65e4815998e97abc11b8bbb9f792
-
SHA1
d862b1f6610cddb90a9eb4420a28a7b195919599
-
SHA256
f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377
-
SHA512
97c390b802be564ef08d2234a7b0ca0b1d61ca1395f0345a6afbc9665c10edfe107a1d8473acdb336a21d3164398ecdacb8948cf842ad0eb15aa2396c36132a8
-
SSDEEP
49152:qkmKhyq24kI3qebVaf3Xyln3P6vZcmZccNuerzHgmA7lg/:qkmKEqlkAbk6F6mUxhHiG
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377
-
Size
2.3MB
-
MD5
698d65e4815998e97abc11b8bbb9f792
-
SHA1
d862b1f6610cddb90a9eb4420a28a7b195919599
-
SHA256
f832f9df587b341b8554373ad5f098aec9e2dbce30d8e12127b80f123c8ac377
-
SHA512
97c390b802be564ef08d2234a7b0ca0b1d61ca1395f0345a6afbc9665c10edfe107a1d8473acdb336a21d3164398ecdacb8948cf842ad0eb15aa2396c36132a8
-
SSDEEP
49152:qkmKhyq24kI3qebVaf3Xyln3P6vZcmZccNuerzHgmA7lg/:qkmKEqlkAbk6F6mUxhHiG
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-