General

  • Target

    1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c

  • Size

    2.3MB

  • Sample

    240609-grflysfe28

  • MD5

    c0789669276a38bd4905bec0c9fbd2f4

  • SHA1

    96997489c3c1bce03d90dc39c5b920ed3280b0b2

  • SHA256

    1da44b6420c25650e822bd5f21522dab878b1077cf2cb44a2466f2a2cfa7bd3c

  • SHA512

    4fa7091e68eb289072cde8f495c34313b4ca61dbeb51b634709dbd54ca0e725e9a4b4813495695da35f8d1b46bc169a361591bfc9f46823c72ab3a3bd7026ef7

  • SSDEEP

    49152:KAR7jiPpm36Cc+Ne87FmNESB9l7scAKS5Qp7NafDGo6Noa0ZJ1/8dzGUt40arxdp:KE72Po3MigDwLEwLjaSB8v01dp

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks