General

  • Target

    160fa92317d39d164912390c1c9f2a7c20f03811db02acf964ae88fdb7671a3b

  • Size

    2.2MB

  • Sample

    240604-fbcdxsdd6w

  • MD5

    37cc046bf2f9e4c9b673c06440936193

  • SHA1

    ffb1bb92955db220094e539a3e27bfb164941422

  • SHA256

    160fa92317d39d164912390c1c9f2a7c20f03811db02acf964ae88fdb7671a3b

  • SHA512

    86431ef253e20ea6a3089c7abbf011926c7cd14992ef9b18d7048d2766bda35e0c35621c4e898d5cfcf4953e34a35597a7244fcc65e7a99d49375dfae7983b26

  • SSDEEP

    49152:ELewTA54Wkj7KccB/FPm1dpEalTIzVOy5CzAr+vHeCNtMVSObGJUog+WhHZG4E3j:QewTLb7KccBg1zhEOyMEcr3gklWZgj3j

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      4de928eed092809696e1212bc93c23cd9229773c45552619cb50eb9ccf769185.exe

    • Size

      2.2MB

    • MD5

      ea845d7ae5ffcc92058eb88e941f3110

    • SHA1

      df66b253812b3de5c8dd02ba9650436964fcaa0f

    • SHA256

      4de928eed092809696e1212bc93c23cd9229773c45552619cb50eb9ccf769185

    • SHA512

      44339f7a8d622e30f3c65aea73cc0187ed8b870c265073137e5996f20bc274526f14e7e92b23b2d93c9aa5b3d75e5df5dfc75fe0d8840e6beea2f6fa350b65f1

    • SSDEEP

      49152:0kmKhyq24kI3qebVaqZaHxeaXGtf+rQmgthOe9kUDeTf16HOj+muCP/NOQVh9hPB:0kmKEqlkAbkcaR3XG1SZbUyLWOj9ushd

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment, so the presence of its registry keys is treated as an analysis-environment tell.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops an attached debugger from receiving events for that thread, a common anti-debugging step.
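
The four behavioural signatures above are all derived from API and registry activity, so they can be reproduced offline from an API-monitor trace. The script below is an added example written for this page; it is neither the sandbox's own signature engine nor code from the sample. The registry paths (the VBOX__ ACPI tables, the SystemBiosVersion/VideoBiosVersion values, HKCU\Software\Wine) and the 0x11 ThreadHideFromDebugger class are the well-known artifacts these signature names refer to, and the one-call-per-line trace format and its contents are constructed for the example.

```python
"""Map API-monitor trace lines to the sandbox-evasion signatures listed above.

Added example, not the sandbox's signature code and not the sample's code.
The trace format (one API call per line: "<api> <key-or-argument>") is an
assumption made for this example; SAMPLE_TRACE is constructed, not captured.
"""
import re

# Regexes for the artifacts each signature name refers to. These are the
# commonly documented VirtualBox/BIOS/Wine registry paths and the
# ThreadHideFromDebugger class (0x11), not paths extracted from this sample.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values":
        re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry":
        re.compile(r"HARDWARE\\DESCRIPTION\\System\\(SystemBios|VideoBios)", re.I),
    "Identifies Wine through registry keys":
        re.compile(r"^Reg\w+\s+HK(LM|CU)\\Software\\Wine\b", re.I),
    "Suspicious use of NtSetInformationThreadHideFromDebugger":
        re.compile(r"^NtSetInformationThread\b.*(ThreadHideFromDebugger|=0x11\b)", re.I),
}

# Constructed trace: the first six lines mimic the evasion checks, the last
# line is an unrelated (benign-looking) registry read that must not fire.
SAMPLE_TRACE = r"""
RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegOpenKeyExW HKLM\HARDWARE\ACPI\FADT\VBOX__
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
RegOpenKeyExW HKCU\Software\Wine
NtSetInformationThread ThreadInformationClass=0x11
RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run
""".splitlines()


def scan(lines):
    """Return {signature name: [matching trace lines]} for every signature that fired."""
    hits = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(line)
    return hits


def triggered(lines):
    """Sorted list of signature names that fired on the trace."""
    return sorted(scan(lines))


if __name__ == "__main__":
    for name, matches in scan(SAMPLE_TRACE).items():
        print(f"{name}: {len(matches)} call(s)")
        for m in matches:
            print(f"    {m}")
```

Feeding a real trace through `scan` requires only that each line start with the API name followed by the key or argument it touched; the last line of the constructed trace shows why the Wine and NtSetInformationThread patterns are anchored, so that ordinary registry reads under HKCU\Software do not count as evasion.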

MITRE ATT&CK Enterprise v15

Tasks