General

  • Target

    1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b

  • Size

    2.3MB

  • Sample

    240609-kr61paha87

  • MD5

    2ab2eb43b5832502a66be0a9194040d1

  • SHA1

    88c66bdea8ab54c777a11afbaef40d1d5ae1d403

  • SHA256

    1a4d82797dd6abd54f5b6aa57f11474a2b82e7249c663895f29fd67093aef66b

  • SHA512

    98529a30e088f6da30d2d461662f933682fa0bc08b53e8b6047fb2679a1dfff0ac658a2775f29447b228d9ea8feb3a5ec41929779603cc759f95787fae14b8c5

  • SSDEEP

    49152:TI/0kQBHaJ/3jDPXe3+cOW20Oy4AwDF7CX2bopL6DaKoe8r43kD:m0dHaVTbpcOfACFGdQN0

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
