General

  • Target

    1b02cc8286140afd888884aecc988d8c0fadadacdc5e698d9fd722f7f8a24bf1

  • Size

    2.3MB

  • Sample

    240608-1apyvage7z

  • MD5

    efd0f9ad7f32cf0ac20ee36f29df81d1

  • SHA1

    ec4f07200151c45e92d4623cf7df1f4a614109df

  • SHA256

    1b02cc8286140afd888884aecc988d8c0fadadacdc5e698d9fd722f7f8a24bf1

  • SHA512

    e6c0e028463a62def447be5c672268c0255be383b0ddc22a2f26bd873f155c422bca30b1fe6c1499ed1b5f9ba7c1d137dd9d436dc241d3eb574820ddb4028658

  • SSDEEP

    49152:Oinoazft6QV9anlMzH0vGiYtjo8S0px53wsmNjux7HLKDRO4nF:XoXv6o89Ys6jgPqRO4

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks