Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408

  • Size

    2.2MB

  • Sample

    240526-hsqc8abf62

  • MD5

    0598b8d859d966cfbd8d965d90cb34fd

  • SHA1

    ad2386eefb45fbd223620a44e4e7802d1dfafb2d

  • SHA256

    c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408

  • SHA512

    bdefcf57ae2b262ab50a79fc9f3b84a0ea725fc7142a32ea85530729b394bded66298206f44b6ace671f993fcb861b4efb595c0334f10ee554acbe6f423a836f

  • SSDEEP

    49152:XkmKhyq24kI3qebVa30qdmiC4MPSefX+:XkmKEqlkAbk3kPSeP

Score
10/10
riseproevasionstealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408

    • Size

      2.2MB

    • MD5

      0598b8d859d966cfbd8d965d90cb34fd

    • SHA1

      ad2386eefb45fbd223620a44e4e7802d1dfafb2d

    • SHA256

      c4334cd5e6f59a1c996090dbb7b605a88ca7e4540b29c5da3e123650971f6408

    • SHA512

      bdefcf57ae2b262ab50a79fc9f3b84a0ea725fc7142a32ea85530729b394bded66298206f44b6ace671f993fcb861b4efb595c0334f10ee554acbe6f423a836f

    • SSDEEP

      49152:XkmKhyq24kI3qebVa30qdmiC4MPSefX+:XkmKEqlkAbk3kPSeP

    Score
    10/10
    riseproevasionstealer

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks