General

  • Target

    36fdd89613804ed8db3bb3dd3afe58b76a3c338cf2fa42b1e9dd329e6624f586

  • Size

    2.3MB

  • Sample

    240609-jaaeqagc85

  • MD5

    ea5146ab1565a6274dfeadeaea4a8b02

  • SHA1

    ce3b3698bfc36ea5bd40617b8ad27e81afda4b64

  • SHA256

    36fdd89613804ed8db3bb3dd3afe58b76a3c338cf2fa42b1e9dd329e6624f586

  • SHA512

    c6def48d94d1d9445d77f5ceea180af9c4cb222206e3c0c69c23e9c0bbe764e940e6c229751283a80f10bc2ec0c648b8c6c3de66420d435f79701cc5e70f48d8

  • SSDEEP

    49152:iIxIAhiYMTsaXaV+ECwjqsTUzLmVIehlkkRoW1BRBhDTU12k:iI6A2RXaV+ECCvgzqllkkR911hDwg

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks