General
-
Target
5d7e8b424e67f6e882b1d0900cf6ba484e147066c0a58508ab5c5238221b468c
-
Size
2.3MB
-
Sample
240610-jsj2waeh33
-
MD5
f47a22d38bf99cc038fb87664d880726
-
SHA1
29d685dd871ca1b477cfdc383acf74ca43259b51
-
SHA256
5d7e8b424e67f6e882b1d0900cf6ba484e147066c0a58508ab5c5238221b468c
-
SHA512
25e307a85ef360ba6889b6c99ba4689bdd19eb1c1b94f9c34cfe7ce02a9d5cb1838fc5dea99699599d055e65fe6fd850d9ad4e951dd68f4f52faefd5d0f17093
-
SSDEEP
49152:HcAeIpcYgb4SrSTyvo1UJtR7VZ3LSjEGyc:HfbTgbvbdR7VZ3LSjEG
Malware Config
Extracted
risepro
77.91.77.67:58709
Targets
-
-
Target
5d7e8b424e67f6e882b1d0900cf6ba484e147066c0a58508ab5c5238221b468c
-
Size
2.3MB
-
MD5
f47a22d38bf99cc038fb87664d880726
-
SHA1
29d685dd871ca1b477cfdc383acf74ca43259b51
-
SHA256
5d7e8b424e67f6e882b1d0900cf6ba484e147066c0a58508ab5c5238221b468c
-
SHA512
25e307a85ef360ba6889b6c99ba4689bdd19eb1c1b94f9c34cfe7ce02a9d5cb1838fc5dea99699599d055e65fe6fd850d9ad4e951dd68f4f52faefd5d0f17093
-
SSDEEP
49152:HcAeIpcYgb4SrSTyvo1UJtR7VZ3LSjEGyc:HfbTgbvbdR7VZ3LSjEG
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-