risepro | 2b11858a7a33aa43254153bf93718a60cd9b3cb151ed1f0a6623ae7c16490e25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b11858a7a33aa43254153bf93718a60cd9b3cb151ed1f0a6623ae7c16490e25
Size

2.3MB
Sample

240529-p63c9sfh54
MD5

535b50cf44276587257043f51ed8b464
SHA1

ea81d52e6efbf515a7f10b467dfa08a01a5a5a2c
SHA256

2b11858a7a33aa43254153bf93718a60cd9b3cb151ed1f0a6623ae7c16490e25
SHA512

ecb33e86223fe23ba422b26d4a3307703a4085bceeb1081bebfcdbce1da5f44302e05838b7c46e0a8e764d930cee4b533f9f4da77f74448796d52d7e8bb0329a
SSDEEP

49152:wtdOqTBhZhbAZs67DBKSu8EOR9cOlkkko9hj0OMSJhM1DLEeM4kdPN02:wtVTvvbMs67l28EOR9llkpKhjhiPu4Ot

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  2b11858a7a33aa43254153bf93718a60cd9b3cb151ed1f0a6623ae7c16490e25
- Size
  
  2.3MB
- MD5
  
  535b50cf44276587257043f51ed8b464
- SHA1
  
  ea81d52e6efbf515a7f10b467dfa08a01a5a5a2c
- SHA256
  
  2b11858a7a33aa43254153bf93718a60cd9b3cb151ed1f0a6623ae7c16490e25
- SHA512
  
  ecb33e86223fe23ba422b26d4a3307703a4085bceeb1081bebfcdbce1da5f44302e05838b7c46e0a8e764d930cee4b533f9f4da77f74448796d52d7e8bb0329a
- SSDEEP
  
  49152:wtdOqTBhZhbAZs67DBKSu8EOR9cOlkkko9hj0OMSJhM1DLEeM4kdPN02:wtVTvvbMs67l28EOR9llkpKhjhiPu4Ot
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer