General
-
Target
fdd6ee24b814e31509d99f377970337ee4cfd3ab39beb946487f8c2ee40864f8
-
Size
2.3MB
-
Sample
240526-x45dvahh62
-
MD5
86e9b74732e4feb9f99ae2b8a4c51395
-
SHA1
b391fa5af25d612af90e6fb973f74c388ca087b6
-
SHA256
fdd6ee24b814e31509d99f377970337ee4cfd3ab39beb946487f8c2ee40864f8
-
SHA512
baffd51332cf6e8325160159d3ea27c0876ca1b159a2cb10525d9b2d84d34c2380b037ac5cc5855b24dc787c718b68638eb0a456c4d5a30ae0edbbed3d4b940a
-
SSDEEP
49152:gkmKhyq24kI3qebVsEPXp1vQHHP7oHUbq2pRe4eNqMWP2BFsP5aKG:gkmKEqlkAbmU+vaKqz4eNqMKMELG
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
fdd6ee24b814e31509d99f377970337ee4cfd3ab39beb946487f8c2ee40864f8
-
Size
2.3MB
-
MD5
86e9b74732e4feb9f99ae2b8a4c51395
-
SHA1
b391fa5af25d612af90e6fb973f74c388ca087b6
-
SHA256
fdd6ee24b814e31509d99f377970337ee4cfd3ab39beb946487f8c2ee40864f8
-
SHA512
baffd51332cf6e8325160159d3ea27c0876ca1b159a2cb10525d9b2d84d34c2380b037ac5cc5855b24dc787c718b68638eb0a456c4d5a30ae0edbbed3d4b940a
-
SSDEEP
49152:gkmKhyq24kI3qebVsEPXp1vQHHP7oHUbq2pRe4eNqMWP2BFsP5aKG:gkmKEqlkAbmU+vaKqz4eNqMKMELG
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-