General
-
Target
180637780e71e5ec8498b313c0452fbc7ea75e87531ae7d7443bc3590f5fae40
-
Size
2.2MB
-
Sample
240526-1w3rtsde7y
-
MD5
2238c1260f5986ef9925adc2fe2c727d
-
SHA1
c3b86f662927d2218776b9e255d114a8dca02d02
-
SHA256
180637780e71e5ec8498b313c0452fbc7ea75e87531ae7d7443bc3590f5fae40
-
SHA512
bbceaa9ff0fe2fbb37f1ee168ff4188591b84f86347acd248be01a1746c54a24747eb82264a3339cec49a1c048f72cb09c34229720a36478e88115201f4c2b3b
-
SSDEEP
49152:nkmKhyq24kI3qebVaxUyyUxhJoMcEQN7ppXswX3jYxjcFv:nkmKEqlkAbkxNrhyM3QNdpsmgj
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
180637780e71e5ec8498b313c0452fbc7ea75e87531ae7d7443bc3590f5fae40
-
Size
2.2MB
-
MD5
2238c1260f5986ef9925adc2fe2c727d
-
SHA1
c3b86f662927d2218776b9e255d114a8dca02d02
-
SHA256
180637780e71e5ec8498b313c0452fbc7ea75e87531ae7d7443bc3590f5fae40
-
SHA512
bbceaa9ff0fe2fbb37f1ee168ff4188591b84f86347acd248be01a1746c54a24747eb82264a3339cec49a1c048f72cb09c34229720a36478e88115201f4c2b3b
-
SSDEEP
49152:nkmKhyq24kI3qebVaxUyyUxhJoMcEQN7ppXswX3jYxjcFv:nkmKEqlkAbkxNrhyM3QNdpsmgj
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-