General
-
Target
7efb08802636da48fc3c69ee275295022c55c76928dc552726f79b5ee38203c8
-
Size
2.3MB
-
Sample
240525-3vl4ssfa4s
-
MD5
d02b19ee489964c8e9d15a4198b4efee
-
SHA1
252f44d1881a0e8efe0fd0f581e46ba749122ec6
-
SHA256
7efb08802636da48fc3c69ee275295022c55c76928dc552726f79b5ee38203c8
-
SHA512
875f73eb291eac5ed7257bdc2a52953fa6eb4fade8c1be6be7464f2aaa4030a738799f1ee8c1c4a245e5a00104189fc1c4e56320cbf48b7f18791ce8432ee24e
-
SSDEEP
49152:bkmKhyq24kI3qebVaqQGu6Rfcunpgc+t3O9oMowp/WByjKbgS2C3Nf:bkmKEqlkAbk7zcPpgLCooWaRSFd
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
7efb08802636da48fc3c69ee275295022c55c76928dc552726f79b5ee38203c8
-
Size
2.3MB
-
MD5
d02b19ee489964c8e9d15a4198b4efee
-
SHA1
252f44d1881a0e8efe0fd0f581e46ba749122ec6
-
SHA256
7efb08802636da48fc3c69ee275295022c55c76928dc552726f79b5ee38203c8
-
SHA512
875f73eb291eac5ed7257bdc2a52953fa6eb4fade8c1be6be7464f2aaa4030a738799f1ee8c1c4a245e5a00104189fc1c4e56320cbf48b7f18791ce8432ee24e
-
SSDEEP
49152:bkmKhyq24kI3qebVaqQGu6Rfcunpgc+t3O9oMowp/WByjKbgS2C3Nf:bkmKEqlkAbk7zcPpgLCooWaRSFd
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-