General
-
Target
e2109dd1afe113b0bbdb9c117be85694c54cc26c1f59ef5fbf36ca70187764ed
-
Size
2.3MB
-
Sample
240619-3yh7baxfnf
-
MD5
803a6c4ceeaef9d56bc7858abcf8d525
-
SHA1
1e62ff9793c776a2c42080a15f60da2cb7199a07
-
SHA256
e2109dd1afe113b0bbdb9c117be85694c54cc26c1f59ef5fbf36ca70187764ed
-
SHA512
d6dbcac5968e9433a10099f12670067d1e298ea6d3cc0a762ceff5ab8d5f8221f1c00295e102b3d7d4993ce68d874ed24ea761847d8694ce60361db8fb01726b
-
SSDEEP
49152:Ob7sH7qcORTVz2klvijpRAi9nNxCt7Spvs9phNisetYvKF3ZP:FORVz1dGpRAkCtGErhN0tYv+
Static task
static1
Behavioral task
behavioral1
Sample
e2109dd1afe113b0bbdb9c117be85694c54cc26c1f59ef5fbf36ca70187764ed.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
e2109dd1afe113b0bbdb9c117be85694c54cc26c1f59ef5fbf36ca70187764ed
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-