General
- Target: 5a3148b0cdb207ca0cefe71c6f3ffa434f51fbb6660e96245406221cbac84c64
- Size: 2.3MB
- Sample: 240610-2bpvxatdlq
- MD5: 25bb9c7ebdc7d1fcf86e2971c867c8ea
- SHA1: 6b1f2b479e815f2f5ec08cca73d48d1b4dbe43a1
- SHA256: 5a3148b0cdb207ca0cefe71c6f3ffa434f51fbb6660e96245406221cbac84c64
- SHA512: 73d7dd725c8f9deafd27aba0a1c8de378b2003bd737c207befa039debf7365f57cb1f4fcfb9ecb43cf67568aef813b422ca83f40abff0d5bc547bb607358567a
- SSDEEP: 49152:I2ZAkmZWYS6LRGvlPTM5BCRkMs8/s40nxKiUdq/+oX1N:dEZnS6NiTcURkMsOsZ2E11
Static task: static1
Behavioral task: behavioral1
- Sample: 5a3148b0cdb207ca0cefe71c6f3ffa434f51fbb6660e96245406221cbac84c64.exe
- Resource: win7-20240215-en
Malware Config
Extracted
- risepro
- 147.45.47.126:58709
Targets
- Target: 5a3148b0cdb207ca0cefe71c6f3ffa434f51fbb6660e96245406221cbac84c64 (size, hashes and SSDEEP identical to the General section above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger