General
Target: a54a6dd7e5b024b1587b8ec1bf20d3a0_NeikiAnalytics.exe
Size: 2.3MB
Sample: 240614-f34bqazhkq
MD5: a54a6dd7e5b024b1587b8ec1bf20d3a0
SHA1: b4ba5a277ee0ce04f6d4c80286b3741b1584a9d1
SHA256: c20b4a9762af69e2f60917cf5a852ebbad72dad1f717e890e504f42ff93594d2
SHA512: 506940634a26fac330857595b567a8004deab113204a543ec4f84539292054f306e6b705349deacfb720c3fd788451650310dce2b0c05aa7ab68cf4b4153b877
SSDEEP: 49152:o9QzVvjQ8SXWfgLWCnnty83No/rFOLQn1xTK0kCf5dmGZm:t9jhSGfPOty8xLyRkui
Static task
static1
Behavioral task
behavioral1
Sample
a54a6dd7e5b024b1587b8ec1bf20d3a0_NeikiAnalytics.exe
Resource
win7-20240611-en
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
Target: a54a6dd7e5b024b1587b8ec1bf20d3a0_NeikiAnalytics.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger