General

  • Target

    e5daf6f39fafbb0d0e0d8ebe4fdcd3cf7d57c05b61dafd60341eb5367cb70354

  • Size

    2.3MB

  • Sample

    240603-e7w8jabe8z

  • MD5

    2d8da46d6febc5407f21470f76b95884

  • SHA1

    b3876364f4fa640018bfc3186e46768ecec98a6d

  • SHA256

    e5daf6f39fafbb0d0e0d8ebe4fdcd3cf7d57c05b61dafd60341eb5367cb70354

  • SHA512

    91e28a4755f41abe4210e42902d87d0bd91d53371a1b3fd55bb16c4890ab7457d976a6a402985c95f9c65785f9d0b7296b7b6f4502907523981789d6f45055a5

  • SSDEEP

    49152:xTLfoi4bhHuIcFpufdg4+cyIHKISYdU3GRa80oGi:XohOIcFpydYcrDO3G480oGi

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks