General
-
Target
02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da
-
Size
2.3MB
-
Sample
240525-m3vsxaef99
-
MD5
4910d8a49128619c8123dc4ed7cb0940
-
SHA1
4a5de95f54b947f5ab1b99c42dde592b9f92fd6b
-
SHA256
02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da
-
SHA512
f00f1a067f15fdeb40ec0b443f6ef72cc211e84c46401a1d5c25eb56e7763c3e98a70ae83b1ec10c87ca771574ccd2248c653b0999845608ba1d3a8e23e11861
-
SSDEEP
49152:ckmKhyq24kI3qebVnlnmqlvXkmI92OhaZa76BFrekn8/7i02XD:ckmKEqlkAb5lnmqlvkmIYEaA6HbD
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da
-
Size
2.3MB
-
MD5
4910d8a49128619c8123dc4ed7cb0940
-
SHA1
4a5de95f54b947f5ab1b99c42dde592b9f92fd6b
-
SHA256
02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da
-
SHA512
f00f1a067f15fdeb40ec0b443f6ef72cc211e84c46401a1d5c25eb56e7763c3e98a70ae83b1ec10c87ca771574ccd2248c653b0999845608ba1d3a8e23e11861
-
SSDEEP
49152:ckmKhyq24kI3qebVnlnmqlvXkmI92OhaZa76BFrekn8/7i02XD:ckmKEqlkAb5lnmqlvkmIYEaA6HbD
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-