General

  • Target

    01fc76988f68b5193efb09aa32e6c62c6bd15dbed45eb5ed5fd8f11537760288

  • Size

    2.3MB

  • Sample

    240525-vzbjvsbg91

  • MD5

    1a9a978e69ab4fd5df2f48265b583b69

  • SHA1

    9b453626f499f68ed2d8ee3f2d72f798c5f77925

  • SHA256

    01fc76988f68b5193efb09aa32e6c62c6bd15dbed45eb5ed5fd8f11537760288

  • SHA512

    dc365b4cdf50357642841f62841d4f0ab280649c892c9b8eff03e7513fec7f17c15e6e3cca421c9f37d426524ac599b0c7aa49c90a22e0e0be902aad146b537e

  • SSDEEP

    49152:ykmKhyq24kI3qebVacRSHvulGXmAuQZKmd0MXaPe8Y8PQx/hMoaBMTJvIz:ykmKEqlkAbkc0mlviZKjMqPYjx/hLJp0

Score
10/10

Malware Config

  • Extracted

    Family: risepro

    C2: 147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 2

  • Discovery

    Query Registry (T1012): 3

    Virtualization/Sandbox Evasion (T1497): 2

    System Information Discovery (T1082): 1

Tasks