General
-
Target
df5b287975599d443e2e66dd546f465efd3aa49e83521e0b9e58d39982a96c03
-
Size
2.3MB
-
Sample
240619-sbrvtsxbpl
-
MD5
df60702793f3daff3b77492c14881d42
-
SHA1
46f2c15bacb0704a20134d5024ac4564172c3a52
-
SHA256
df5b287975599d443e2e66dd546f465efd3aa49e83521e0b9e58d39982a96c03
-
SHA512
f2b472a23f5e0a515d3a1d8dd56f0c15bd6dcde1182d4c82ccbf4eca4a418641bc09ec222b9fa00b8d1dde98f3e3cb254479469e06ab9561e8c1a60651411797
-
SSDEEP
49152:L76eN/01bpfYTIU9jBqbVQf+T1nNrNivwc5lfbRtHdmqvW:Ll+blXGoO+TXxiF51t9
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
df5b287975599d443e2e66dd546f465efd3aa49e83521e0b9e58d39982a96c03
-
Size
2.3MB
-
MD5
df60702793f3daff3b77492c14881d42
-
SHA1
46f2c15bacb0704a20134d5024ac4564172c3a52
-
SHA256
df5b287975599d443e2e66dd546f465efd3aa49e83521e0b9e58d39982a96c03
-
SHA512
f2b472a23f5e0a515d3a1d8dd56f0c15bd6dcde1182d4c82ccbf4eca4a418641bc09ec222b9fa00b8d1dde98f3e3cb254479469e06ab9561e8c1a60651411797
-
SSDEEP
49152:L76eN/01bpfYTIU9jBqbVQf+T1nNrNivwc5lfbRtHdmqvW:Ll+blXGoO+TXxiF51t9
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-