General

  • Target

    b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703

  • Size

    2.3MB

  • Sample

    240603-gpgfgafb47

  • MD5

    1dd5b91d8b33ad3f5f630bc2866c06de

  • SHA1

    1b3e3981c34b5843fbc6a923811acd2177e0b66f

  • SHA256

    b9e1f8670c2833992a3a8cd74f88fb4fc727010aea379de286992f70c02a4703

  • SHA512

    6580018dd28a4bc19f60fb0f282e49e9e3b0021d118b73d26791f7ae783a79923c2789a347fec0c44bf458642acb80d6223e1f694978a0513d754cf3ee75a07d

  • SSDEEP

    49152:fYw4Y8sCtxe3QO/Xg33B7qI0ag2qYPV1cD4kiGXt6R/VZR9sfA:fYw4Y8sCO/iBOD9SckkiGXtw/XR9s

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks