General

  • Target

    db1de0d217ae9c5e65fc5106fa4f8650f1f48b7e861098605d0fd9e7e01d801e

  • Size

    2.3MB

  • Sample

    240525-tfs45ahh21

  • MD5

    deeac5c0ccf149b1cd710865de019b4c

  • SHA1

    70bcd60da570dbe579cdb9023efe89d8c78131d0

  • SHA256

    db1de0d217ae9c5e65fc5106fa4f8650f1f48b7e861098605d0fd9e7e01d801e

  • SHA512

    bb7da06caa21ac3ce01ac790efae95658572e53333bad9c829b8f519184adc48ef91abaff79757793047e3c73ed8bc0e338a18f93090fb5779cab63b003ff59f

  • SSDEEP

    49152:YkmKhyq24kI3qebVs5PbsklJ/gsyyiF7Zgmqk1X+Ol7gTxazX:YkmKEqlkAbm5jjudyOZVXKTA

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      db1de0d217ae9c5e65fc5106fa4f8650f1f48b7e861098605d0fd9e7e01d801e

    • Size

      2.3MB

    • MD5

      deeac5c0ccf149b1cd710865de019b4c

    • SHA1

      70bcd60da570dbe579cdb9023efe89d8c78131d0

    • SHA256

      db1de0d217ae9c5e65fc5106fa4f8650f1f48b7e861098605d0fd9e7e01d801e

    • SHA512

      bb7da06caa21ac3ce01ac790efae95658572e53333bad9c829b8f519184adc48ef91abaff79757793047e3c73ed8bc0e338a18f93090fb5779cab63b003ff59f

    • SSDEEP

      49152:YkmKhyq24kI3qebVs5PbsklJ/gsyyiF7Zgmqk1X+Ol7gTxazX:YkmKEqlkAbm5jjudyOZVXKTA

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks