General

  • Target

    b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513

  • Size

    2.3MB

  • Sample

    240610-m1dfvagh39

  • MD5

    86d67aff920d2cd64d3cf030036fccaf

  • SHA1

    a88240c2883a74f1cd3c745a2a52aae4470ad368

  • SHA256

    b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513

  • SHA512

    10c6432ff98ecb5db9d311f7b3164599b69bd5dfcf222bc1307590abc4fbd71a16b4c91da2433b1192e06a992bf37a8e49f6453cb7c0251a54c8a4fde3961f16

  • SSDEEP

    49152:Ty1eon8mOCqoNeZcqgeG8AFT/13T0QQihrT4Z4ENXf8e6y0:2Ew8mLqoacqY8mT/5Z9S3uVy

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.67:58709

Targets

    • Target

      b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513

    • Size

      2.3MB

    • MD5

      86d67aff920d2cd64d3cf030036fccaf

    • SHA1

      a88240c2883a74f1cd3c745a2a52aae4470ad368

    • SHA256

      b798cccfcfa9972686d8a9bdd5edd8d738dc5c928a98ddc92c13095826663513

    • SHA512

      10c6432ff98ecb5db9d311f7b3164599b69bd5dfcf222bc1307590abc4fbd71a16b4c91da2433b1192e06a992bf37a8e49f6453cb7c0251a54c8a4fde3961f16

    • SSDEEP

      49152:Ty1eon8mOCqoNeZcqgeG8AFT/13T0QQihrT4Z4ENXf8e6y0:2Ew8mLqoacqY8mT/5Z9S3uVy

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks