General

  • Target

    a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9

  • Size

    2.3MB

  • Sample

    240609-aa1ggaae4v

  • MD5

    ffba825c47e934996f38d23b3d2e4e80

  • SHA1

    11422d69929e8088a0b95a5073fa0505634fe8da

  • SHA256

    a67cbe57524c022ee3bd75e8f062078d1a3f478f34163e9c6b27b51ccee068b9

  • SHA512

    82390d1914e0224a6b1ea83275ecbebbe161e93cbfda20942ece5e9c296cbfbcf561d6538323fd452de583ffbfe0c5b690433f9472a85f09d1cbbbdc58cf8b3b

  • SSDEEP

    49152:aIvvc1lePNx2VfWQNfw7/RaGZ+CyOO+e1sZR7DNmzodKrxKlW8KWn10mp:aInc1mnMuQJWTuO21sZR7DNEIZKWnim

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks