General
Target: 9a85aec4398f5683ee98529c9281761877035f2ecf006ea5bd85ba924ea47894
Size: 2.3MB
Sample: 240619-2csm7aygjn
MD5: 7f65e0d68bc24a6e6e74aed966f873a8
SHA1: cc9339cdaaf241c3aff61673d88f8c1c890ddfb9
SHA256: 9a85aec4398f5683ee98529c9281761877035f2ecf006ea5bd85ba924ea47894
SHA512: 490b8e9464a2edeff5e11fc2078be63f74fbe0bb60362cc2bee1110ca47520c36060a72dd90584424c17e52d40795ac6dfd6e3fb17c9e69f88e518b9e622142f
SSDEEP: 49152:bg2teM0iTc/RfHqRSvF0jieP0OKb+gpOOgVua+ONfSUnYeljOjpTfIx:Tt50iTOJv0jieUb+Ua+6BYeljOjKx
Static task: static1
Behavioral task: behavioral1
Sample: 9a85aec4398f5683ee98529c9281761877035f2ecf006ea5bd85ba924ea47894.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
Target
9a85aec4398f5683ee98529c9281761877035f2ecf006ea5bd85ba924ea47894
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger