General

  • Target

    082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29

  • Size

    4.5MB

  • Sample

    240525-llkqyacg4x

  • MD5

    f5b8df75e1a03059ad63447c880eb0dd

  • SHA1

    1a83532ceccd3ed9ad7179305ea32e54734dd17a

  • SHA256

    082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29

  • SHA512

    f253d172e7cba0c86234aea0dfcb32a7dfc5540971b6f47c6dd12f9774a67958c8598b08b2790c4d577b1ac5111a9143dd6e9ac3d344b946737d35a778b36b0b

  • SSDEEP

    98304:4HBZetwxMPUUI4lJHIZr5QvV4zthROYob8gmcKDYKiI:AZetwxMPUUI4HHIPQvV4zs8/cyY

Malware Config

Targets

    • Target

      082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29

    • Size

      4.5MB

    • MD5

      f5b8df75e1a03059ad63447c880eb0dd

    • SHA1

      1a83532ceccd3ed9ad7179305ea32e54734dd17a

    • SHA256

      082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29

    • SHA512

      f253d172e7cba0c86234aea0dfcb32a7dfc5540971b6f47c6dd12f9774a67958c8598b08b2790c4d577b1ac5111a9143dd6e9ac3d344b946737d35a778b36b0b

    • SSDEEP

      98304:4HBZetwxMPUUI4lJHIZr5QvV4zthROYob8gmcKDYKiI:AZetwxMPUUI4HHIPQvV4zs8/cyY

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Tasks