General
-
Target
01fc76988f68b5193efb09aa32e6c62c6bd15dbed45eb5ed5fd8f11537760288
-
Size
2.3MB
-
Sample
240525-vzbjvsbg91
-
MD5
1a9a978e69ab4fd5df2f48265b583b69
-
SHA1
9b453626f499f68ed2d8ee3f2d72f798c5f77925
-
SHA256
01fc76988f68b5193efb09aa32e6c62c6bd15dbed45eb5ed5fd8f11537760288
-
SHA512
dc365b4cdf50357642841f62841d4f0ab280649c892c9b8eff03e7513fec7f17c15e6e3cca421c9f37d426524ac599b0c7aa49c90a22e0e0be902aad146b537e
-
SSDEEP
49152:ykmKhyq24kI3qebVacRSHvulGXmAuQZKmd0MXaPe8Y8PQx/hMoaBMTJvIz:ykmKEqlkAbkc0mlviZKjMqPYjx/hLJp0
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
01fc76988f68b5193efb09aa32e6c62c6bd15dbed45eb5ed5fd8f11537760288
-
Size
2.3MB
-
MD5
1a9a978e69ab4fd5df2f48265b583b69
-
SHA1
9b453626f499f68ed2d8ee3f2d72f798c5f77925
-
SHA256
01fc76988f68b5193efb09aa32e6c62c6bd15dbed45eb5ed5fd8f11537760288
-
SHA512
dc365b4cdf50357642841f62841d4f0ab280649c892c9b8eff03e7513fec7f17c15e6e3cca421c9f37d426524ac599b0c7aa49c90a22e0e0be902aad146b537e
-
SSDEEP
49152:ykmKhyq24kI3qebVacRSHvulGXmAuQZKmd0MXaPe8Y8PQx/hMoaBMTJvIz:ykmKEqlkAbkc0mlviZKjMqPYjx/hLJp0
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-