General

  • Target

    bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d

  • Size

    2.3MB

  • Sample

    240603-gsxa4afc65

  • MD5

    0d02928aece928e87c0ad6ec550e37ac

  • SHA1

    ca9b875454b9cfe1bd468ccbffffec234f94fda7

  • SHA256

    bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d

  • SHA512

    72c191d5ba4065f35f4c483bf46f59184970ae5782d92e5185a351dc0b41190341cbb3bb639c24a05a2abe05c9a63e5d37a0ce67ff8b519f49c669675fc23d25

  • SSDEEP

    49152:TDPteS+V8l4tCgYsqfPMZV5Ae9QituLSf54yfSrw0bO2/aLDYj7w:1V+V8KtCgViPMZjQiseCc0S/LDY/w

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      bd555148acf8ec89578618a9e9fbf6cc14227fee987d4a20cf8254f538c6142d

    • Size

      2.3MB

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
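The four behavioural signatures above are the kind of checks a sandbox derives from an API-call trace rather than from the binary itself. The Python below is an added example, not tooling from the report or code from the RisePro family: it re-implements those four checks over a constructed trace of the form `<pid> <api>(<args>) => <result>` and pulls out any endpoint the trace connects to, comparing it against the C2 from the extracted config above. The registry paths it looks for and the ThreadInformationClass value 0x11 (ThreadHideFromDebugger) are assumptions about how these checks are commonly implemented; the page does not show which keys this sample actually reads.

```python
"""Match sandbox-style evasion signatures over an API-call trace.

Added example. The registry paths and the ThreadInformationClass value
below are assumptions about how these checks are usually implemented,
not values taken from the report above.
"""
import re
from collections import defaultdict

# Constructed trace, loosely modelled on a sandbox API log. The C2 endpoint
# is the one from the extracted config above; every other line is made up.
TRACE = r"""
4120 RegOpenKeyExW(HKLM, "HARDWARE\ACPI\DSDT\VBOX__") => ERROR_FILE_NOT_FOUND
4120 RegQueryValueExW(HKLM\HARDWARE\DESCRIPTION\System\BIOS, "SystemManufacturer") => "innotek GmbH"
4120 RegQueryValueExW(HKLM\HARDWARE\DESCRIPTION\System\BIOS, "SystemProductName") => "VirtualBox"
4120 RegOpenKeyExW(HKCU, "Software\Wine") => ERROR_FILE_NOT_FOUND
4120 RegOpenKeyExW(HKLM, "Software\Wine") => ERROR_FILE_NOT_FOUND
4120 NtSetInformationThread(0xfffffffe, 0x11, NULL, 0) => STATUS_SUCCESS
4120 RegOpenKeyExW(HKCU, "Software\Microsoft\Windows\CurrentVersion\Run") => ERROR_SUCCESS
4120 connect(147.45.47.126:58709) => 0
"""

# "<pid> <api>(<args>) => <result>"
EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*=>\s*(?P<result>.*)$")

# (name, report title, APIs the check goes through, regex over the call's argument string).
# Paths, value names and the 0x11 class are assumptions (see module docstring).
SIGNATURES = [
    ("vbox_acpi", "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     {"RegOpenKeyExW", "RegOpenKeyExA", "NtOpenKey"},
     re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("bios_registry", "Checks BIOS information in registry",
     {"RegQueryValueExW", "RegQueryValueExA", "NtQueryValueKey"},
     re.compile(r'HARDWARE\\DESCRIPTION\\System\\BIOS\b.*"(SystemManufacturer|SystemProductName|'
                r'SystemVersion|BIOSVendor|BIOSVersion|BIOSReleaseDate)"', re.I)),
    ("wine_registry", "Identifies Wine through registry keys",
     {"RegOpenKeyExW", "RegOpenKeyExA", "NtOpenKey"},
     re.compile(r'(^|\\|")Software\\Wine("|\\|$)', re.I)),
    ("hide_from_debugger", "Suspicious use of NtSetInformationThreadHideFromDebugger",
     {"NtSetInformationThread", "ZwSetInformationThread"},
     # second argument is ThreadInformationClass; 0x11 == ThreadHideFromDebugger
     re.compile(r"^\s*[^,]+,\s*(0x11|17)\s*,", re.I)),
]

ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
CONNECT_APIS = {"connect", "WSAConnect", "InternetConnectW", "InternetConnectA"}


def parse_trace(text):
    """Turn the trace text into a list of event dicts, numbering lines from 1."""
    events = []
    for lineno, line in enumerate(text.strip().splitlines(), start=1):
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({"line": lineno, **m.groupdict()})
    return events


def match_signatures(events):
    """Map signature name -> trace line numbers that triggered it.

    The match is on the lookup, not on its result: on a real host the VBOX__
    and Wine keys are absent, so the attempt itself is the evasion behaviour.
    """
    hits = defaultdict(list)
    for ev in events:
        for name, _title, apis, pattern in SIGNATURES:
            if ev["api"] in apis and pattern.search(ev["args"]):
                hits[name].append(ev["line"])
    return dict(hits)


def extract_endpoints(events):
    """Collect ip:port strings from connect-style calls."""
    found = set()
    for ev in events:
        if ev["api"] in CONNECT_APIS:
            for ip, port in ENDPOINT_RE.findall(ev["args"]):
                found.add(f"{ip}:{port}")
    return found


def report(text, known_c2=frozenset({"147.45.47.126:58709"})):
    """Signature hits plus endpoints, flagging any that match the extracted C2."""
    events = parse_trace(text)
    endpoints = extract_endpoints(events)
    return {
        "signatures": match_signatures(events),
        "endpoints": sorted(endpoints),
        "c2_match": sorted(endpoints & known_c2),
    }


if __name__ == "__main__":
    result = report(TRACE)
    titles = {name: title for name, title, _a, _p in SIGNATURES}
    for name, lines in result["signatures"].items():
        print(f"{titles[name]}  (trace lines {lines})")
    print("endpoints:", result["endpoints"], "matching extracted C2:", result["c2_match"])
```

When adapting this to a real sandbox export, widen `CONNECT_APIS` and the registry API sets to whatever the tracer hooks; the 0x11 check is deliberately on the argument value rather than a symbolic name because most traces log the raw class.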

MITRE ATT&CK Enterprise v15

Tasks