risepro | 94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e | Triage

Sharing

General

Target

94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e
Size

2.3MB
Sample

240527-f4dsfsae39
MD5

274210f621f10e14510448245a60eca0
SHA1

b3e997b2e47c1d96917e6f4dac970b0965f56d7c
SHA256

94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e
SHA512

1eed982349be1810e352fc4848e8d35198bad2b2ab8679c44e2a77333b173e4a261e20c1a6673a9b63e8f75fc34f4f0c841ea8313fd057fbfa83aa9e246c6fe9
SSDEEP

49152:2kmKhyq24kI3qebVaJq8etpbFKHRpyXUpJKTEh8A6:2kmKEqlkAbkJ1UpbFKx09G8

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e
- Size
  
  2.3MB
- MD5
  
  274210f621f10e14510448245a60eca0
- SHA1
  
  b3e997b2e47c1d96917e6f4dac970b0965f56d7c
- SHA256
  
  94d977e02a277cc02204ccd6ad712cfa3256f7912f111e74701430995bcded5e
- SHA512
  
  1eed982349be1810e352fc4848e8d35198bad2b2ab8679c44e2a77333b173e4a261e20c1a6673a9b63e8f75fc34f4f0c841ea8313fd057fbfa83aa9e246c6fe9
- SSDEEP
  
  49152:2kmKhyq24kI3qebVaJq8etpbFKHRpyXUpJKTEh8A6:2kmKEqlkAbkJ1UpbFKx09G8
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer