General

  • Target

    5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d

  • Size

    2.3MB

  • Sample

    240609-fgg7csef94

  • MD5

    90704b18476bb98b8e0304490913bc61

  • SHA1

    b625d82b966b7ee27b31e6af341bf6de9dbb676c

  • SHA256

    5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d

  • SHA512

    18f1e496cae934c09f6e9874ab00f591edb30b0c14e314da19ec32bdc463eaead893239f7b10b2d0df846eb82db1c41906c79a9e094814f8e0698a358df3590a

  • SSDEEP

    49152:R+33ynAJeE1AcD0IomTe6VrBaOk6STvUo5jAfZZ/Nauw:8yAsqnamBdkMRdNa

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d

    • Size

      2.3MB

    • MD5

      90704b18476bb98b8e0304490913bc61

    • SHA1

      b625d82b966b7ee27b31e6af341bf6de9dbb676c

    • SHA256

      5119072d314c418f5e03de194b3c6498180172f372e88a7e258162d334cd9f3d

    • SHA512

      18f1e496cae934c09f6e9874ab00f591edb30b0c14e314da19ec32bdc463eaead893239f7b10b2d0df846eb82db1c41906c79a9e094814f8e0698a358df3590a

    • SSDEEP

      49152:R+33ynAJeE1AcD0IomTe6VrBaOk6STvUo5jAfZZ/Nauw:8yAsqnamBdkMRdNa

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks