General

  • Target

    9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25

  • Size

    2.3MB

  • Sample

    240609-plplnsbb65

  • MD5

    316f690451f9539799ba04cc75ee0ed9

  • SHA1

    31f5532fb8f7dd5e7635adcb4f68a03c515cf634

  • SHA256

    9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25

  • SHA512

    df9fb818d4ecd42cad1b5aed7dd1a83f01f39f00055df261bf7036c04bf8dcf3f331ac701de116ce0218dba8d5c9133942f56f37ccd9f873dd204148578190b4

  • SSDEEP

    49152:rmAQ2BGWfJAlMerjlgHV4maoi4I9TmfFCowSKaHyEd:r+2B4rvM4mf3EmNjz

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25

    • Size

      2.3MB

    • MD5

      316f690451f9539799ba04cc75ee0ed9

    • SHA1

      31f5532fb8f7dd5e7635adcb4f68a03c515cf634

    • SHA256

      9543ef75e82d371be0211f6769eaf8b4252d45affd2ac1cbeb4ed34c2b035c25

    • SHA512

      df9fb818d4ecd42cad1b5aed7dd1a83f01f39f00055df261bf7036c04bf8dcf3f331ac701de116ce0218dba8d5c9133942f56f37ccd9f873dd204148578190b4

    • SSDEEP

      49152:rmAQ2BGWfJAlMerjlgHV4maoi4I9TmfFCowSKaHyEd:r+2B4rvM4mf3EmNjz

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks