General

  • Target

    0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f

  • Size

    2.4MB

  • Sample

    240609-grc6tsfe26

  • MD5

    07bc92e4c0c8007939e9e7d3c2c04b8b

  • SHA1

    86fcc838b694bd30d1c9b9b9c618bde6e41e3818

  • SHA256

    0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f

  • SHA512

    b8d95d215d7935b36165c26a63a6885daccaed89d20f52558f9a3052decc79c36aa9801ae0d13065af6d04777c0b68369c040f4252e69db21435d7daa714e755

  • SSDEEP

    49152:1nZOzQfJzZowrQoknl3hOiOh8yG+tq/V1JKQRTnXaF/3E+:1LfHNEoknvJYGvJKQRTq5

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f

    • Size

      2.4MB

    • MD5

      07bc92e4c0c8007939e9e7d3c2c04b8b

    • SHA1

      86fcc838b694bd30d1c9b9b9c618bde6e41e3818

    • SHA256

      0655c74cc01bde58d2c728ecc8504119a74918b45085bd3f3263edf8a066297f

    • SHA512

      b8d95d215d7935b36165c26a63a6885daccaed89d20f52558f9a3052decc79c36aa9801ae0d13065af6d04777c0b68369c040f4252e69db21435d7daa714e755

    • SSDEEP

      49152:1nZOzQfJzZowrQoknl3hOiOh8yG+tq/V1JKQRTnXaF/3E+:1LfHNEoknvJYGvJKQRTq5

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks