General

  • Target

    0bbb8c7517edee458961ce3b9f45df32cac596256256c884ed615797b34072aa

  • Size

    2.3MB

  • Sample

    240610-mkw81sge55

  • MD5

    ac265e8fa696e8cf92f7c22e353ff89e

  • SHA1

    eee027520c683f85ddb56f35c11d2d91592de077

  • SHA256

    0bbb8c7517edee458961ce3b9f45df32cac596256256c884ed615797b34072aa

  • SHA512

    fdd9191ba22dc632f8ec7f0d12d4e536bd3a765a869f9fb87184465b9408d250f451d375f65dad8abdb223953a8009e4c72562f34316c15786ccff38aa1bc431

  • SSDEEP

    49152:Jc4QJhbDoMsl3vtr14YXQ0OgftRPPb0oW2ZgtxyAH0CBUpTwG0fx3W:W4UjS3vtBjA0JzFngtxyAH0CB9G0fxm

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.67:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks