General

  • Target

    204a01725d2597d3dac4e26471d2ec3e29702077592bc12b6013412894de075d

  • Size

    2.3MB

  • Sample

    240609-bcw3habg72

  • MD5

    79fe89db6a683e2f33d7f105167f5798

  • SHA1

    a02d5809697a5ab6e5f85d385250486ff504f1d7

  • SHA256

    204a01725d2597d3dac4e26471d2ec3e29702077592bc12b6013412894de075d

  • SHA512

    3f1f6c818fc069c87c0ecb5d370d8c98d90aa3f066f373986135967dcc2d3f16b900b024a683d6b74719ffd40b1350ffea24290bfde379519d29818ce2319f78

  • SSDEEP

    49152:bvTBoyftKXTdkeRaKYzoV6e1oNvx5lNEB0eXnFz:b9oyUDpRaKYz06e14vhNQ0inl

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks