General

  • Target

    66247a9c4a16609db6e65bb6f8b20b1ed102278e0957a1d397679455a9042a6c

  • Size

    2.3MB

  • Sample

    240525-w2nsmsdh43

  • MD5

    08a99d42896142ff7e11085c5624b443

  • SHA1

    b69774b8f2c55a92f5254fa746d4cb848e5a068a

  • SHA256

    66247a9c4a16609db6e65bb6f8b20b1ed102278e0957a1d397679455a9042a6c

  • SHA512

    72de47aaf9eb830d149b5918f116891b7180147ea177f689dc5ec6958aa5035f00376fd8f008d1669a215a51a2143afefbe5fb2f686aabea69a704354d40ad94

  • SSDEEP

    49152:JkmKhyq24kI3qebVs1DuQD08vJyCrJsFMPYihv75vpmfGc9X6zwmQMU:JkmKEqlkAbmxTDjlJQMPYaz5vbqn

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 2 signatures

  • Discovery

    Query Registry (T1012): 3 signatures

    Virtualization/Sandbox Evasion (T1497): 2 signatures

    System Information Discovery (T1082): 1 signature
