General

  • Target

    c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143

  • Size

    2.2MB

  • Sample

    240604-bs5dtagd2x

  • MD5

    4eca1472d4088332cbf99568557f4df2

  • SHA1

    aea753c4a43cc85d9cc9dd3a3dd0e97267f7c1ff

  • SHA256

    c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143

  • SHA512

    e6430d7a3e687ef0f903bf78fa9bdd4abca7ab5e1adeab938f75c3eed3cdcdd415c06c3d26b6eed8d2bcefc9058317a8d04669ab7bf0d191d05a8b74ce6ca120

  • SSDEEP

    49152:RkmKhyq24kI3qebVax+mUJI74ByaKzjSV2FJgr1NJ8/2:RkmKEqlkAbkx+hJtByrzW4FO5NJv

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143

    • Size

      2.2MB

    • MD5

      4eca1472d4088332cbf99568557f4df2

    • SHA1

      aea753c4a43cc85d9cc9dd3a3dd0e97267f7c1ff

    • SHA256

      c5df2e7a7a460b4e99a866d3c6fd9444bf3dd6076fb8c60d1606e5047c32d143

    • SHA512

      e6430d7a3e687ef0f903bf78fa9bdd4abca7ab5e1adeab938f75c3eed3cdcdd415c06c3d26b6eed8d2bcefc9058317a8d04669ab7bf0d191d05a8b74ce6ca120

    • SSDEEP

      49152:RkmKhyq24kI3qebVax+mUJI74ByaKzjSV2FJgr1NJ8/2:RkmKEqlkAbkx+hJtByrzW4FO5NJv

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops an attached debugger from receiving debug events for that thread, a common anti-analysis measure.
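
The four behavioural signatures above can be reproduced as rules over an API-call trace. The following is an added example, not the sandbox's own rule set or code from the sample: it assumes a constructed trace format of the form `Api(args) -> retval` in which registry handle arguments are already resolved to full key paths, and it keys on the well-known VirtualBox ACPI table keys (`HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__`), the BIOS values under `HARDWARE\DESCRIPTION\System`, the `Software\Wine` key and the ThreadHideFromDebugger class (17 / 0x11) of NtSetInformationThread. The signature names are the report's; the trace lines are constructed sample input.

```python
"""Behavioural anti-VM / anti-debug signatures as rules over an API trace.

Added example; the trace format and the rule set are assumptions made here,
not the sandbox's real implementation.
"""
import re
from collections import defaultdict

# Constructed API trace (not real sandbox output). Return 0x2 is
# ERROR_FILE_NOT_FOUND, which is what a bare-metal host answers for the
# VirtualBox and Wine keys; the signatures fire on the attempt, not the result.
SAMPLE_TRACE = [
    r'RegOpenKeyExW(HKEY_LOCAL_MACHINE, "HARDWARE\ACPI\DSDT\VBOX__", 0, KEY_READ) -> 0x2',
    r'RegOpenKeyExW(HKEY_LOCAL_MACHINE, "HARDWARE\ACPI\FADT\VBOX__", 0, KEY_READ) -> 0x2',
    r'RegOpenKeyExW(HKEY_LOCAL_MACHINE, "HARDWARE\DESCRIPTION\System", 0, KEY_READ) -> 0x0',
    r'RegQueryValueExW(HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System, "SystemBiosVersion") -> 0x0',
    r'RegQueryValueExW(HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System, "VideoBiosVersion") -> 0x0',
    r'RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Wine", 0, KEY_READ) -> 0x2',
    r'RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run", 0, KEY_READ) -> 0x0',
    r'NtSetInformationThread(0xfffffffe, 2, 0x0019f8d0, 4) -> 0x0',   # ThreadPriority: benign
    r'NtSetInformationThread(0xfffffffe, 17, 0x0, 0) -> 0x0',         # ThreadHideFromDebugger
]

# One rule per report signature: (name, API-name regex, argument regex, flags).
# In the regexes a doubled backslash matches one literal backslash in the trace.
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     r"^(?:RegOpenKey(?:Ex)?[AW]|NtOpenKey(?:Ex)?)$",
     r"HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE),
    ("Checks BIOS information in registry",
     r"^(?:RegQueryValue(?:Ex)?[AW]|NtQueryValueKey)$",
     r'HARDWARE\\DESCRIPTION\\System\b.*"(?:SystemBiosVersion|VideoBiosVersion|SystemBiosDate)"',
     re.IGNORECASE),
    ("Identifies Wine through registry keys",
     r"^(?:RegOpenKey(?:Ex)?[AW]|NtOpenKey(?:Ex)?)$",
     r'"Software\\Wine(?:\\[^"]*)?"', re.IGNORECASE),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     r"^NtSetInformationThread$",
     # second argument is THREADINFOCLASS; 17 == 0x11 == ThreadHideFromDebugger
     r"^[^,]+,\s*(?:17|0x11)\s*,", 0),
]

LINE_RE = re.compile(r"^(\w+)\((.*)\)\s*->\s*(\S+)$")


def parse_call(line):
    """Split one trace line into (api, args, retval); None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


def match_signatures(trace):
    """Return {signature name: [matching trace lines]} for every rule that fired."""
    compiled = [(name, re.compile(api_re), re.compile(arg_re, flags))
                for name, api_re, arg_re, flags in RULES]
    hits = defaultdict(list)
    for line in trace:
        call = parse_call(line)
        if call is None:
            continue
        api, args, _ret = call
        for name, api_pat, arg_pat in compiled:
            if api_pat.match(api) and arg_pat.search(args):
                hits[name].append(line)
    return dict(hits)


def fired_signatures(trace):
    """Sorted list of signature names that fired on the trace."""
    return sorted(match_signatures(trace))


if __name__ == "__main__":
    for name, lines in match_signatures(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for l in lines:
            print(f"      {l}")
```

The rules match on the probe itself rather than on the return value: on a real host the VirtualBox and Wine keys do not exist, so the opens fail, but the fact that a 2.2MB binary goes looking for them is the signal.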

MITRE ATT&CK Enterprise v15

Tasks