General
-
Target
d65f680d4e3ee81cd4e2c938d0c7fcfc091b8f0ec9f56cc90ee92a49646dfb52
-
Size
2.3MB
-
Sample
240525-r7wm8agc5w
-
MD5
2ea580f1db53ba521411433b4c02d3cd
-
SHA1
38f8d935d9a737bb3b85260e57f78690c1e5ac16
-
SHA256
d65f680d4e3ee81cd4e2c938d0c7fcfc091b8f0ec9f56cc90ee92a49646dfb52
-
SHA512
6bbc48a017b63eeacea58a21c5ced3c26156493073ec32ff2f7d5b88ec14963c79819a94d5f47c0bce8849746570a57be72de307a559b846971d9ce807981b22
-
SSDEEP
49152:4kmKhyq24kI3qebVanLhug6dmZfPJiw340rC/9Dekh81tuA0IPylZ:4kmKEqlkAbkNzZ3bS9DpL
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
d65f680d4e3ee81cd4e2c938d0c7fcfc091b8f0ec9f56cc90ee92a49646dfb52
-
Size
2.3MB
-
MD5
2ea580f1db53ba521411433b4c02d3cd
-
SHA1
38f8d935d9a737bb3b85260e57f78690c1e5ac16
-
SHA256
d65f680d4e3ee81cd4e2c938d0c7fcfc091b8f0ec9f56cc90ee92a49646dfb52
-
SHA512
6bbc48a017b63eeacea58a21c5ced3c26156493073ec32ff2f7d5b88ec14963c79819a94d5f47c0bce8849746570a57be72de307a559b846971d9ce807981b22
-
SSDEEP
49152:4kmKhyq24kI3qebVanLhug6dmZfPJiw340rC/9Dekh81tuA0IPylZ:4kmKEqlkAbkNzZ3bS9DpL
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-