General

  • Target

    0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897

  • Size

    2.3MB

  • Sample

    240608-tw47bsdc5x

  • MD5

    2bdeb463858b97083d2bfe1d3f2ae096

  • SHA1

    e12d4746d01196499ff3a57d65ab7183d226e990

  • SHA256

    0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897

  • SHA512

    aa9e7b17faf469d607c80cba9ee81f80755d70155b9ac5ee67f144bf8d07d993248d40ffb1ef29f398e304e21783ee09b424b6e144b6648790cf1401cb0061be

  • SSDEEP

    49152:kK8oeQxZobx9M5Bz2huzxMDDQLAEYLACAPj3vWRcRD3jxS5:teQxWxWXz2ENMD8LAdACAr/QcRDzxS5

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      0a3ae0927b542fb560d8a5f141ab01dac81f4ad870e39b6ff7e7b9d0ccc88897

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger (information class 0x11), which stops debug events being delivered for the calling thread (anti-debugging)
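The four behaviours above (VirtualBox ACPI keys, BIOS description keys, Wine keys, and NtSetInformationThread with class 0x11) are all visible in a sandbox API trace. The script below is an added example, not part of this report or of any sandbox's own signature engine: it runs a small rule set over constructed trace lines in an assumed `API|arg|arg` format and counts matches per rule. The registry paths and the 0x11 information class are the documented values; the log format and rule names are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed API-trace lines in an assumed "API|arg|arg" format.
# They are NOT taken from the report; they illustrate the call types
# behind the signatures (anti-VM registry reads, anti-debug thread call).
SAMPLE_TRACE = """\
RegOpenKeyExW|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegQueryValueExW|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS|SystemManufacturer
RegQueryValueExW|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS|SystemProductName
RegOpenKeyExW|HKCU\\Software\\Wine
NtSetInformationThread|ThreadHandle=0xffffffff|ThreadInformationClass=17
RegQueryValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|OneDrive
"""

# ThreadInformationClass value for ThreadHideFromDebugger (documented as 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Hypothetical rule table; rule names mirror the report's signature wording.
# VirtualBox exposes its name in the ACPI table keys, BIOS strings live under
# HARDWARE\DESCRIPTION\System\BIOS, and Wine creates a Software\Wine key.
REGISTRY_RULES = {
    "vbox_acpi": re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "bios_info": re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\b", re.I),
    "wine_keys": re.compile(r"\\Software\\Wine\b", re.I),
}


@dataclass
class Hit:
    rule: str
    line: str


def parse_line(line: str):
    """Split one assumed-format trace line into (api, [args])."""
    parts = line.rstrip("\n").split("|")
    return parts[0], parts[1:]


def scan_trace(trace: str) -> list[Hit]:
    """Return one Hit per trace line that matches an anti-analysis rule."""
    hits = []
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        api, args = parse_line(raw)
        if api.startswith("Reg"):
            # First argument is the registry path for Reg* calls in this format.
            path = args[0] if args else ""
            for name, rx in REGISTRY_RULES.items():
                if rx.search(path):
                    hits.append(Hit(name, raw))
        elif api == "NtSetInformationThread":
            for arg in args:
                key, _, value = arg.partition("=")
                if key == "ThreadInformationClass" and int(value, 0) == THREAD_HIDE_FROM_DEBUGGER:
                    hits.append(Hit("hide_from_debugger", raw))
    return hits


def summarise(hits: list[Hit]) -> dict[str, int]:
    """Count hits per rule, which is what a triage view would surface."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h.rule] = counts.get(h.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, n in summarise(scan_trace(SAMPLE_TRACE)).items():
        print(f"{rule}: {n}")
```

The ordinary `CurrentVersion\Run` read in the sample is deliberately left unmatched: the rules key on the specific hypervisor and compatibility-layer paths, not on registry access in general, which keeps false positives from normal software low.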

MITRE ATT&CK Enterprise v15

Tasks