General
-
Target
9f89388df5852f3bf19ed07e10d4f019d87f6a3333a11560d840c9b371ed16bb
-
Size
2.3MB
-
Sample
240527-m2eejaaa34
-
MD5
3550965ed383edb2c5bdb7af7721002a
-
SHA1
36dcb4ba64f2df6eeba24ed1ddd8a51737950675
-
SHA256
9f89388df5852f3bf19ed07e10d4f019d87f6a3333a11560d840c9b371ed16bb
-
SHA512
6863b0685d30bc6aaff588a0990f42a738d39f707612956859d6f9a542b423b0eeb7ef7e5ad19c1ecf8b06ea9375ba25448e1db3838d6ed4195dce6b3856a648
-
SSDEEP
49152:gUdjXbuX8BCS4zVqn3GN5wZHfBrqG8PcxEWR8rkSXIq7Oo3P:Xdj9n4zM3M4J+7cuWEkSYqj
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
9f89388df5852f3bf19ed07e10d4f019d87f6a3333a11560d840c9b371ed16bb
-
Size
2.3MB
-
MD5
3550965ed383edb2c5bdb7af7721002a
-
SHA1
36dcb4ba64f2df6eeba24ed1ddd8a51737950675
-
SHA256
9f89388df5852f3bf19ed07e10d4f019d87f6a3333a11560d840c9b371ed16bb
-
SHA512
6863b0685d30bc6aaff588a0990f42a738d39f707612956859d6f9a542b423b0eeb7ef7e5ad19c1ecf8b06ea9375ba25448e1db3838d6ed4195dce6b3856a648
-
SSDEEP
49152:gUdjXbuX8BCS4zVqn3GN5wZHfBrqG8PcxEWR8rkSXIq7Oo3P:Xdj9n4zM3M4J+7cuWEkSYqj
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-