General

  • Target

    5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c

  • Size

    2.3MB

  • Sample

    240603-279j7add86

  • MD5

    e5f760c4d7fe439ee505d5aec6bceaca

  • SHA1

    2dac4e5e1cef70c35309c7cf62b0e8cf830664e6

  • SHA256

    5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c

  • SHA512

    f11d5bfb5cd163d73a58c87866d36445b313b3dbb2bdb5392b4bf3863fa2aa54a29d67e074dbd1f0ffb3baeba75a2b57da406ede3234893ba022ce868c247abe

  • SSDEEP

    49152:zkmKhyq24kI3qebVaSHGaGgcLWToEm5cURMvcD9tDHC51ucRVtCHUs:zkmKEqlkAbkOGPE1CWvcDXDQ1ucRVt6

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c

    • Size

      2.3MB

    • MD5

      e5f760c4d7fe439ee505d5aec6bceaca

    • SHA1

      2dac4e5e1cef70c35309c7cf62b0e8cf830664e6

    • SHA256

      5f7ddd7f713a665c0d8f0ed646cb6156da17e467b1f54e338e9df135f2f7576c

    • SHA512

      f11d5bfb5cd163d73a58c87866d36445b313b3dbb2bdb5392b4bf3863fa2aa54a29d67e074dbd1f0ffb3baeba75a2b57da406ede3234893ba022ce868c247abe

    • SSDEEP

      49152:zkmKhyq24kI3qebVaSHGaGgcLWToEm5cURMvcD9tDHC51ucRVtCHUs:zkmKEqlkAbkOGPE1CWvcDXDQ1ucRVt6

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks