General
-
Target
f8a5ac867c8073a72c88578fa5c3b3e6514a1289a25bd82c842eee0434487fbd
-
Size
2.3MB
-
Sample
240526-vh525seb83
-
MD5
1fc5d3f17c4ceca16945ca7d73211fde
-
SHA1
d2cb4da24fc42ecc478d74b9a35e690176932df8
-
SHA256
f8a5ac867c8073a72c88578fa5c3b3e6514a1289a25bd82c842eee0434487fbd
-
SHA512
aacf0c6a90e9609de76534d3c4629fc53de101d682edcecf70bb05a438340f575c43fab6faeb6bfc7310b8d6e14cd9e7fc35bee4887a26c3e8aab80168fc0460
-
SSDEEP
49152:PkmKhyq24kI3qebVsONEb1P0L9LzvR2vTEj5H99winf9jadD06NYRWsci:PkmKEqlkAbmt5K1zvvH9i0fOD3Y0ji
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
f8a5ac867c8073a72c88578fa5c3b3e6514a1289a25bd82c842eee0434487fbd
-
Size
2.3MB
-
MD5
1fc5d3f17c4ceca16945ca7d73211fde
-
SHA1
d2cb4da24fc42ecc478d74b9a35e690176932df8
-
SHA256
f8a5ac867c8073a72c88578fa5c3b3e6514a1289a25bd82c842eee0434487fbd
-
SHA512
aacf0c6a90e9609de76534d3c4629fc53de101d682edcecf70bb05a438340f575c43fab6faeb6bfc7310b8d6e14cd9e7fc35bee4887a26c3e8aab80168fc0460
-
SSDEEP
49152:PkmKhyq24kI3qebVsONEb1P0L9LzvR2vTEj5H99winf9jadD06NYRWsci:PkmKEqlkAbmt5K1zvvH9i0fOD3Y0ji
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-