General

  • Target

    277a3b397637247ba4d2553884926989f236598d7a9749e179ea6aa0bf5478db

  • Size

    2.2MB

  • Sample

    240603-fge21aca4y

  • MD5

    f7ad7b45c9206a6e8c2e0d277854f65c

  • SHA1

    8dc96a1c2ca5e813e2d0684e41d8a7a1b3f3f623

  • SHA256

    277a3b397637247ba4d2553884926989f236598d7a9749e179ea6aa0bf5478db

  • SHA512

    570cbdeebd7ceb864604e4e765a77607fd3d08787b9e2156094857a3498e5847e5c8f64c5e31fd273b9a6d1e8b8c308453d976bee5b700ae22d0ae421c81264b

  • SSDEEP

    49152:wkmKhyq24kI3qebVa1Jlp94xaHAlqg8Ld0Kpa1HKtpABjL5mFJf/kdb0:wkmKEqlkAbk1nsxmAlqg8LqKU1HiShmz

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709
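
The hashes and the extracted C2 above are the report's indicators; the following is an added example (not part of the sandbox report or any vendor tooling) that hashes a file and compares all four digests with the ones listed, parses the `ip:port` C2 string, and scans a Zeek-style conn.log excerpt for connections to it. The conn.log rows, their hosts and the `93.184.216.34` destination are constructed for the example.

```python
"""Match a file and a connection log against the indicators in this report.

Added example for this page; it is not part of the sandbox report or of any
vendor tooling. The hashes and C2 below are copied from the report; the
conn.log rows are constructed for the example.
"""
import hashlib
import ipaddress

# Digests listed in the report (lower-case hex).
REPORT_HASHES = {
    "md5": "f7ad7b45c9206a6e8c2e0d277854f65c",
    "sha1": "8dc96a1c2ca5e813e2d0684e41d8a7a1b3f3f623",
    "sha256": "277a3b397637247ba4d2553884926989f236598d7a9749e179ea6aa0bf5478db",
    "sha512": "570cbdeebd7ceb864604e4e765a77607fd3d08787b9e2156094857a3498e5847"
              "e5c8f64c5e31fd273b9a6d1e8b8c308453d976bee5b700ae22d0ae421c81264b",
}
# C2 extracted from the sample's configuration.
REPORT_C2 = "147.45.47.126:58709"


def digests_of(data):
    """Compute all four digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digests_of_file(path, chunk_size=1 << 20):
    """Compute all four digests of a file in one streaming pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_digests(computed):
    """Names of the digests that equal the report's values; empty means no match."""
    return sorted(name for name, expected in REPORT_HASHES.items()
                  if computed.get(name, "").lower() == expected)


def parse_c2(c2):
    """Split 'ip:port' into a validated (ip, port) tuple; raises ValueError on bad input."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {c2!r}")
    ip = ipaddress.ip_address(host.strip("[]"))   # also accepts [v6]:port
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


# Constructed Zeek conn.log excerpt (tab separated): ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto. Only the first row is an exact hit;
# the third row reaches the C2 address on a different port.
SAMPLE_CONN_LOG = (
    "1717400001.120000\tC1a2b3\t10.0.0.17\t49812\t147.45.47.126\t58709\ttcp\n"
    "1717400002.500000\tC4d5e6\t10.0.0.17\t49813\t93.184.216.34\t443\ttcp\n"
    "1717400003.010000\tC7f8g9\t10.0.0.23\t51002\t147.45.47.126\t80\ttcp\n"
)


def find_c2_connections(log_text, c2=REPORT_C2, same_host_any_port=False):
    """Return (uid, orig_h, resp_p) for rows whose responder is the C2.

    By default the match requires both the IP and the port from the config.
    With same_host_any_port=True any port on the C2 address is reported,
    which catches a port rotation at the cost of more false positives.
    """
    ip, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        uid, orig_h, resp_h, resp_p = fields[1], fields[2], fields[4], int(fields[5])
        if resp_h == ip and (same_host_any_port or resp_p == port):
            hits.append((uid, orig_h, resp_p))
    return hits


if __name__ == "__main__":
    print(find_c2_connections(SAMPLE_CONN_LOG))
    print(find_c2_connections(SAMPLE_CONN_LOG, same_host_any_port=True))
```

The strict `ip:port` match is the default because the port is part of the extracted configuration; the `same_host_any_port` switch is there for hunting, where a hit on the address alone is still worth a look.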

Targets

    Score
    10/10
    • RisePro

      RisePro is an information stealer that is distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events, a common anti-debugging technique.
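
The four behavioural signatures above are what a sandbox derives from the sample's API calls. As an added example (not the sandbox's own signature code), the following re-derives them from a behaviour log. The registry locations it checks are the ones these anti-VM, BIOS and Wine checks are commonly seen using, not keys taken from this report, which does not list the exact keys the sample touched; the log records and their field names (`api`, `key`, `value`, `thread_information_class`) are constructed for the example.

```python
"""Re-derive the four anti-analysis signatures listed above from an API-call log.

Added example for this page; it is not the sandbox's own signature code. The
registry locations are the ones these checks are commonly seen using, not
keys taken from this report, which does not list the exact keys the sample
touched. The log records and their field names are constructed for the example.
"""
import re
from collections import Counter

# Signature names exactly as the report lists them.
SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# VirtualBox leaves its OEM ID in the ACPI tables exported under HKLM\HARDWARE\ACPI.
VBOX_ACPI_RE = re.compile(
    r"^HK(EY_LOCAL_MACHINE|LM)\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Firmware strings that name the hypervisor live here.
BIOS_KEY_RE = re.compile(
    r"^HK(EY_LOCAL_MACHINE|LM)\\HARDWARE\\DESCRIPTION\\SYSTEM(\\BIOS)?$", re.I)
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion",
               "biosvendor", "biosversion", "systemmanufacturer", "systemproductname"}
# Wine creates its own Software\Wine hive on first run.
WINE_RE = re.compile(
    r"^HK(EY_LOCAL_MACHINE|EY_CURRENT_USER|LM|CU)\\SOFTWARE\\WINE(\\|$)", re.I)

REGISTRY_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA",
                 "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value ThreadHideFromDebugger


def classify_call(call):
    """Return the set of report signatures that a single logged API call satisfies."""
    hits = set()
    api = call.get("api", "")
    if api in REGISTRY_APIS:
        key = call.get("key", "")
        value = call.get("value", "").lower()
        if VBOX_ACPI_RE.match(key):
            hits.add(SIG_VBOX)
        if BIOS_KEY_RE.match(key) and (value in BIOS_VALUES or key.upper().endswith("\\BIOS")):
            hits.add(SIG_BIOS)
        if WINE_RE.match(key):
            hits.add(SIG_WINE)
    elif api == "NtSetInformationThread":
        if call.get("thread_information_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add(SIG_HIDE)
    return hits


def run_signatures(calls):
    """Count how many logged calls trigger each signature; untriggered ones are omitted."""
    counts = Counter()
    for call in calls:
        counts.update(classify_call(call))
    return dict(counts)


# Constructed API-call records, roughly what a sandbox's behaviour log contains.
SAMPLE_CALLS = [
    {"api": "RegOpenKeyExW", "key": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW",
     "key": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"api": "RegOpenKeyExW", "key": r"HKEY_CURRENT_USER\Software\Wine"},
    {"api": "NtSetInformationThread", "thread_information_class": 0x11},
    {"api": "NtSetInformationThread", "thread_information_class": 0x02},  # ThreadPriority: benign
    {"api": "RegOpenKeyExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},  # benign
]


if __name__ == "__main__":
    for name, count in run_signatures(SAMPLE_CALLS).items():
        print(f"{count}x  {name}")
```

Only the 0x11 information class is flagged for NtSetInformationThread; the same API with ThreadPriority or similar classes is normal program behaviour, which is why the example carries a benign call of it alongside the suspicious one.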

MITRE ATT&CK Enterprise v15

Tasks