General

  • Target

    3596bd6a9c09e6000268927e0e4361dc75496aaa08776e01bc93a4b820614433

  • Size

    2.1MB

  • Sample

    240525-kybhcscb8s

  • MD5

    eac40b0f2ff92f87f0805fd66d2616ff

  • SHA1

    bd5e547b35bb402294d824114a4f1462e4048fe6

  • SHA256

    3596bd6a9c09e6000268927e0e4361dc75496aaa08776e01bc93a4b820614433

  • SHA512

    0c06c198bf75fd0a7af990351e93d49df46fe67159cf2b2a0424c449de95a9031ef804a1f5f9cf82ecf98a92312933a4d54f2bf38b009b57f4a656feae196b62

  • SSDEEP

    49152:dJc8j/F0L9iEYoWXexCKYWUJjKYz3C+zR3wJJ7S04tY8ewO:dJr/F0LvYixCKYWimG793yctY8BO

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      3596bd6a9c09e6000268927e0e4361dc75496aaa08776e01bc93a4b820614433

    • Size

      2.1MB

    • MD5

      eac40b0f2ff92f87f0805fd66d2616ff

    • SHA1

      bd5e547b35bb402294d824114a4f1462e4048fe6

    • SHA256

      3596bd6a9c09e6000268927e0e4361dc75496aaa08776e01bc93a4b820614433

    • SHA512

      0c06c198bf75fd0a7af990351e93d49df46fe67159cf2b2a0424c449de95a9031ef804a1f5f9cf82ecf98a92312933a4d54f2bf38b009b57f4a656feae196b62

    • SSDEEP

      49152:dJc8j/F0L9iEYoWXexCKYWUJjKYz3C+zR3wJJ7S04tY8ewO:dJr/F0LvYixCKYWimG793yctY8BO

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Tasks