General
-
Target
838a441caca551b2449b70f39d91cfd6848ba38270ae10527d9f38c1f1f51d79
-
Size
2.3MB
-
Sample
240525-xg2pfaeb9z
-
MD5
f498be3ddb2177b61c739f53d0065541
-
SHA1
a492da01865b617a1e115e1c89e31857f25c4daf
-
SHA256
838a441caca551b2449b70f39d91cfd6848ba38270ae10527d9f38c1f1f51d79
-
SHA512
2e4d2cf45b625596881c4cf7373634118446b91b7fef9a1ba31689f9214d9caa61ac790cd5f8321de39e230f9e18f30d510a0a73d6b4df672a2097e16222ae47
-
SSDEEP
49152:fkmKhyq24kI3qebVacTdWD0RSRXTZCyQdgwEHamNyBYewX:fkmKEqlkAbkeUYRoXlCyQsJaYl
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
838a441caca551b2449b70f39d91cfd6848ba38270ae10527d9f38c1f1f51d79
-
Size
2.3MB
-
MD5
f498be3ddb2177b61c739f53d0065541
-
SHA1
a492da01865b617a1e115e1c89e31857f25c4daf
-
SHA256
838a441caca551b2449b70f39d91cfd6848ba38270ae10527d9f38c1f1f51d79
-
SHA512
2e4d2cf45b625596881c4cf7373634118446b91b7fef9a1ba31689f9214d9caa61ac790cd5f8321de39e230f9e18f30d510a0a73d6b4df672a2097e16222ae47
-
SSDEEP
49152:fkmKhyq24kI3qebVacTdWD0RSRXTZCyQdgwEHamNyBYewX:fkmKEqlkAbkeUYRoXlCyQsJaYl
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-