General

  • Target

    e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082

  • Size

    2.3MB

  • Sample

    240603-gd8qksef87

  • MD5

    0f75a21fff5bac74724b3f536923b959

  • SHA1

    8dd45c302f00e87b1633ca30563b10b9d6a178a5

  • SHA256

    e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082

  • SHA512

    eeccf94d8fa90b0721599a59b120b1bda1eaff23e245d0de05c11aa7fd8762ddab10dc0958900975dd375c1d6ba1348be04fce5ec72d574da3cb9c11dab18221

  • SSDEEP

    49152:hVtWEjENMYlI/gT8gy2lYeaAe07gHYhJVMBswLDI7hn8CCT9/Uo:9rENVlIs8g5+Ae07gHeuXYhYF

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709
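The extracted C2 is the most directly actionable item in this report. As an added example (not part of the report and not RisePro's own code), the Python below parses the ip:port value with validation, renders a Suricata rule for it, and matches it against a constructed Zeek conn.log excerpt; the SID, the log records and the function names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# C2 endpoint extracted from the RisePro config in the report above.
RISEPRO_C2 = "147.45.47.126:58709"


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


def parse_c2(spec: str) -> Endpoint:
    """Parse an 'ip:port' C2 string into a validated Endpoint.

    Accepts only literal IPv4/IPv6 addresses (a '[v6]:port' form is
    tolerated) and ports 1-65535; anything else raises ValueError so a
    malformed config entry never turns into a rule that silently matches
    nothing.
    """
    host, sep, port = spec.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 spec {spec!r}")
    addr = ipaddress.ip_address(host.strip("[]"))  # raises on hostnames/garbage
    port_num = int(port)                           # raises on non-numeric port
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range in C2 spec {spec!r}")
    return Endpoint(str(addr), port_num)


def suricata_rule(ep: Endpoint, sid: int, family: str = "RisePro") -> str:
    """Render a minimal Suricata rule alerting on outbound traffic to the C2.
    The sid is an assumption; pick one from your local range."""
    return (f"alert tcp $HOME_NET any -> {ep.ip} {ep.port} "
            f'(msg:"{family} C2 {ep.ip}:{ep.port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid}; rev:1;)")


# Constructed Zeek conn.log excerpt (not real traffic) in the tab-separated
# layout Zeek writes, with a #fields header naming the columns.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1717400000.120\tCa1b2c3\t10.0.0.5\t49812\t147.45.47.126\t58709\ttcp
1717400001.500\tCd4e5f6\t10.0.0.5\t49813\t142.250.74.78\t443\ttcp
1717400002.000\tCg7h8i9\t10.0.0.7\t51000\t147.45.47.126\t80\ttcp
"""


def match_conn_log(log_text: str, ep: Endpoint) -> dict:
    """Split conn.log records into exact C2 hits and same-IP/other-port hits.

    The second bucket matters because the port in an extracted config can
    change between builds while the server address stays the same.
    """
    fields = None
    exact, ip_only = [], []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log record seen before #fields header")
        rec = dict(zip(fields, line.split("\t")))
        if rec["id.resp_h"] != ep.ip:
            continue
        hit = {"uid": rec["uid"], "orig_h": rec["id.orig_h"],
               "resp_p": int(rec["id.resp_p"])}
        (exact if hit["resp_p"] == ep.port else ip_only).append(hit)
    return {"exact": exact, "ip_only": ip_only}


if __name__ == "__main__":
    c2 = parse_c2(RISEPRO_C2)
    print(suricata_rule(c2, sid=9000001))
    for bucket, hits in match_conn_log(SAMPLE_CONN_LOG, c2).items():
        print(bucket, hits)
```

Treat the ip_only bucket as a lead rather than a confirmed detection: a shared hosting address can serve unrelated traffic, so confirm the connection (or a second sample's config) before escalating it.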

Targets

    • Target

      e150df93cd3e20e6a7cbf239da82517330264dbb18fc1c37566f88ac2bc99082

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, so debug events from that thread are no longer delivered. This is a common anti-debugging technique.
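The four signatures above are static artifacts a triage script can look for directly once the sample is unpacked. As an added example (not code from the report or from the sandbox), the Python below extracts ASCII and UTF-16LE strings from a byte buffer and maps them to the same signature names. The registry paths and API names in the indicator table are the ones these checks are commonly implemented with and are assumptions, since the report does not list the exact keys this sample reads; the sample buffer is constructed, not bytes from this file.

```python
import re
from collections import defaultdict

# Indicator table keyed by the signature names used in the report above.
# The registry paths and API names are the ones these checks are commonly
# implemented with; they are assumptions, since the report does not list
# the exact keys this sample reads.
ANTI_ANALYSIS_INDICATORS = {
    "Identifies VirtualBox via ACPI registry values": [
        r"HARDWARE\ACPI\DSDT\VBOX__",
        r"HARDWARE\ACPI\FADT\VBOX__",
        r"HARDWARE\ACPI\RSDT\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"HARDWARE\DESCRIPTION\System\BIOS",
        "SystemBiosVersion",
        "VideoBiosVersion",
    ],
    "Identifies Wine through registry keys": [
        r"Software\Wine",
    ],
    "Suspicious use of NtSetInformationThreadHideFromDebugger": [
        "NtSetInformationThread",
        "ZwSetInformationThread",
    ],
}

STRING_MIN = 6  # shortest printable run worth reporting
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % STRING_MIN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % STRING_MIN)


def extract_strings(data: bytes):
    """Yield (offset, text) for printable ASCII and UTF-16LE runs in data.

    Registry paths in Windows binaries are frequently wide strings, so an
    ASCII-only scan would miss checks built on the W variants of the APIs.
    """
    for m in ASCII_RE.finditer(data):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RE.finditer(data):
        yield m.start(), m.group().decode("utf-16le")


def scan_anti_analysis(data: bytes) -> dict:
    """Return {signature: [(offset, matched_string), ...]} for each indicator hit.

    Matching is case-insensitive because registry paths are case-insensitive
    and samples mix HKLM\\Hardware and HKLM\\HARDWARE freely. A string that
    matches several patterns of one signature is reported once.
    """
    strings = list(extract_strings(data))
    hits = defaultdict(list)
    for sig, patterns in ANTI_ANALYSIS_INDICATORS.items():
        wanted = [p.lower() for p in patterns]
        for off, text in strings:
            lowered = text.lower()
            if any(p in lowered for p in wanted):
                hits[sig].append((off, text))
    return dict(hits)


# Constructed stand-in for an unpacked sample's string table (not bytes from
# the real file): a mix of ASCII and UTF-16LE strings separated by nulls.
SAMPLE_BLOB = (
    b"\x00" * 16
    + b"HARDWARE\\ACPI\\DSDT\\VBOX__" + b"\x00\x00"
    + "HARDWARE\\DESCRIPTION\\System\\BIOS".encode("utf-16le") + b"\x00\x00"
    + b"Software\\Wine" + b"\x00\x00"
    + b"NtSetInformationThread" + b"\x00\x00"
    + b"\x90" * 16
)

if __name__ == "__main__":
    for sig, found in scan_anti_analysis(SAMPLE_BLOB).items():
        for off, text in found:
            print(f"{off:#06x}  {sig}: {text}")
```

Run it over the unpacked image (for example a memory dump taken after the loader has finished); a packed sample normally yields no hits until the payload is unpacked, which is exactly why the sandbox signatures above come from runtime behaviour rather than from strings. One known artifact of the simple wide-string extractor: a printable byte followed by a single null immediately before a wide string is absorbed into that string, so the reported offset can be one byte early; the substring match still fires.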

MITRE ATT&CK Enterprise v15

Tasks