General

  • Target

    02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da

  • Size

    2.3MB

  • Sample

    240525-m3vsxaef99

  • MD5

    4910d8a49128619c8123dc4ed7cb0940

  • SHA1

    4a5de95f54b947f5ab1b99c42dde592b9f92fd6b

  • SHA256

    02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da

  • SHA512

    f00f1a067f15fdeb40ec0b443f6ef72cc211e84c46401a1d5c25eb56e7763c3e98a70ae83b1ec10c87ca771574ccd2248c653b0999845608ba1d3a8e23e11861

  • SSDEEP

    49152:ckmKhyq24kI3qebVnlnmqlvXkmI92OhaZa76BFrekn8/7i02XD:ckmKEqlkAb5lnmqlvkmIYEaA6HbD

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da

    • Size

      2.3MB

    • MD5

      4910d8a49128619c8123dc4ed7cb0940

    • SHA1

      4a5de95f54b947f5ab1b99c42dde592b9f92fd6b

    • SHA256

      02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da

    • SHA512

      f00f1a067f15fdeb40ec0b443f6ef72cc211e84c46401a1d5c25eb56e7763c3e98a70ae83b1ec10c87ca771574ccd2248c653b0999845608ba1d3a8e23e11861

    • SSDEEP

      49152:ckmKhyq24kI3qebVnlnmqlvXkmI92OhaZa76BFrekn8/7i02XD:ckmKEqlkAb5lnmqlvkmIYEaA6HbD

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
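The four signatures above all reduce to a handful of registry paths plus one NtSetInformationThread information class. The following is an added example (not part of this report or of the sandbox's own signature engine) that runs equivalent matching logic over a constructed API trace. The trace format, the rule patterns and the helper names are assumptions; the registry paths are the well-known VirtualBox ACPI table keys, the BIOS description values and the Wine key, and 0x11 is the THREADINFOCLASS value for ThreadHideFromDebugger.

```python
import re

# Constructed sample trace of (api name, first argument) pairs, in the shape a
# sandbox behavioural log might emit. Illustrative only; not the sample's real trace.
SAMPLE_TRACE = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\FADT\VBOX__"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate"),
    ("RegOpenKeyExW", r"HKCU\Software\Wine"),
    ("NtSetInformationThread", "ThreadInformationClass=0x11"),
    ("NtSetInformationThread", "ThreadInformationClass=0x0"),  # ThreadBasicInformation: benign
    ("RegOpenKeyExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),  # unrelated
]

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS::ThreadHideFromDebugger


def _registry_rule(pattern):
    """Build a rule that fires on any Reg* API whose key path matches pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda api, arg: api.startswith("Reg") and rx.search(arg) is not None


def _hide_from_debugger(api, arg):
    """Fire when NtSetInformationThread is called with class 0x11 (hex or decimal)."""
    if api != "NtSetInformationThread":
        return False
    m = re.search(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", arg, re.IGNORECASE)
    return m is not None and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER


# Signature name (as in the report) -> rule(api, arg) -> bool. Patterns are assumptions.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values":
        _registry_rule(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    "Checks BIOS information in registry":
        _registry_rule(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios"),
    "Identifies Wine through registry keys":
        _registry_rule(r"^HK(CU|LM|EY_CURRENT_USER|EY_LOCAL_MACHINE)\\Software\\Wine(\\|$)"),
    "Suspicious use of NtSetInformationThreadHideFromDebugger": _hide_from_debugger,
}


def match_trace(trace):
    """Return {signature name: [matching arguments]} for every rule that fired."""
    hits = {}
    for api, arg in trace:
        for name, rule in SIGNATURES.items():
            if rule(api, arg):
                hits.setdefault(name, []).append(arg)
    return hits


if __name__ == "__main__":
    for name, args in match_trace(SAMPLE_TRACE).items():
        print(f"{name}: {len(args)} event(s)")
```

The unrelated Run key and the benign ThreadBasicInformation call are included so the rules can be seen not firing on them; a real engine would key on the same paths but also count distinct keys per signature, which is where the per-technique counts in the matrix below come from.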

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic           Technique                        Hits  ID
  Defense Evasion  Virtualization/Sandbox Evasion   2     T1497
  Discovery        Query Registry                   3     T1012
  Discovery        Virtualization/Sandbox Evasion   2     T1497
  Discovery        System Information Discovery     1     T1082
