General

  • Target

    c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c

  • Size

    2.3MB

  • Sample

    240608-xhydeaef7v

  • MD5

    1ac6271ce2ea5ab1a906db2ef3750c27

  • SHA1

    ec79c1403e063de7687ad80433eed6ce7d077ffb

  • SHA256

    c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c

  • SHA512

    91d1350e96d0fd038c0287a9733c6813489dba40c14edfcae9e48c1dd0b17faac128e6e1b35b3b89c905b9fae9c0692e50a946b6f0dafd686332599a381b9656

  • SSDEEP

    49152:MTWK9wc7JMnmU0aBVoaQ/UDy7jh7qPut6MXbg0cf6/BacoWC:MTRbeFoaQ/UDuhD8MX8ji/To

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c

    • Size

      2.3MB

    • MD5

      1ac6271ce2ea5ab1a906db2ef3750c27

    • SHA1

      ec79c1403e063de7687ad80433eed6ce7d077ffb

    • SHA256

      c30fa92738b8c1da4af165dbc7247b87d785755ec9732a6e1cc812800d35066c

    • SHA512

      91d1350e96d0fd038c0287a9733c6813489dba40c14edfcae9e48c1dd0b17faac128e6e1b35b3b89c905b9fae9c0692e50a946b6f0dafd686332599a381b9656

    • SSDEEP

      49152:MTWK9wc7JMnmU0aBVoaQ/UDy7jh7qPut6MXbg0cf6/BacoWC:MTRbeFoaQ/UDuhD8MX8ji/To

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks