General
-
Target
6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6
-
Size
2.2MB
-
Sample
240525-ztagtsag38
-
MD5
11d6fba4ecce5c0aa84c85b8aa3bf943
-
SHA1
627ff2dc507e9be3fe31257b26020a817f24f11c
-
SHA256
6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6
-
SHA512
da8e94bfa475f05c413aeb5d0a7735ad42a842ab9bfddc3308f05808a4ac7bfadcb98518ae38de1b5e0b2e4ce0c42d1a8d960a5d2483ad2e004b73a091eb387a
-
SSDEEP
49152:tkmKhyq24kI3qebVsocsa41Sf3qxpMmWxkJneqPO:tkmKEqlkAbmocB41Sf3qxJPJnhPO
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6
-
Size
2.2MB
-
MD5
11d6fba4ecce5c0aa84c85b8aa3bf943
-
SHA1
627ff2dc507e9be3fe31257b26020a817f24f11c
-
SHA256
6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6
-
SHA512
da8e94bfa475f05c413aeb5d0a7735ad42a842ab9bfddc3308f05808a4ac7bfadcb98518ae38de1b5e0b2e4ce0c42d1a8d960a5d2483ad2e004b73a091eb387a
-
SSDEEP
49152:tkmKhyq24kI3qebVsocsa41Sf3qxpMmWxkJneqPO:tkmKEqlkAbmocB41Sf3qxJPJnhPO
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-