General

  • Target

    6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6

  • Size

    2.2MB

  • Sample

    240525-ztagtsag38

  • MD5

    11d6fba4ecce5c0aa84c85b8aa3bf943

  • SHA1

    627ff2dc507e9be3fe31257b26020a817f24f11c

  • SHA256

    6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6

  • SHA512

    da8e94bfa475f05c413aeb5d0a7735ad42a842ab9bfddc3308f05808a4ac7bfadcb98518ae38de1b5e0b2e4ce0c42d1a8d960a5d2483ad2e004b73a091eb387a

  • SSDEEP

    49152:tkmKhyq24kI3qebVsocsa41Sf3qxpMmWxkJneqPO:tkmKEqlkAbmocB41Sf3qxJPJnhPO

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6

    • Size

      2.2MB

    • MD5

      11d6fba4ecce5c0aa84c85b8aa3bf943

    • SHA1

      627ff2dc507e9be3fe31257b26020a817f24f11c

    • SHA256

      6178f17a4edb411fb0c269d6217add2ceefbfd218ceda1055447627e34a4b4d6

    • SHA512

      da8e94bfa475f05c413aeb5d0a7735ad42a842ab9bfddc3308f05808a4ac7bfadcb98518ae38de1b5e0b2e4ce0c42d1a8d960a5d2483ad2e004b73a091eb387a

    • SSDEEP

      49152:tkmKhyq24kI3qebVsocsa41Sf3qxpMmWxkJneqPO:tkmKEqlkAbmocB41Sf3qxJPJnhPO

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

1
T1082

Tasks