General
-
Target
b7c7d79f522ef6da5014e1c87baadbb7dca92802fd43876e6f5dc74888dac0c1
-
Size
2.3MB
-
Sample
240619-vp29tsvckb
-
MD5
027bde23d627ac64b5213119f0ec5168
-
SHA1
7a45ddf329f7fdeb9af243209e6b12667c9eace0
-
SHA256
b7c7d79f522ef6da5014e1c87baadbb7dca92802fd43876e6f5dc74888dac0c1
-
SHA512
5793a59eeddb5fbc3458fb9a2d0a9b29fe299b611ce3d312b2ec78de4e701f095756302703c50c59a8a8c89f4180032e6785f6e503c06ac92eb1cdb10ccc7caa
-
SSDEEP
49152:d8Dv57kLalwmRI0TAfE8TQMRBrgs50zPKvF9UQYCZ3f7t:GRllwzdfnrybK9+QYCv
Malware Config
Extracted
risepro
147.45.47.126:58709
Targets
-
-
Target
b7c7d79f522ef6da5014e1c87baadbb7dca92802fd43876e6f5dc74888dac0c1
-
Size
2.3MB
-
MD5
027bde23d627ac64b5213119f0ec5168
-
SHA1
7a45ddf329f7fdeb9af243209e6b12667c9eace0
-
SHA256
b7c7d79f522ef6da5014e1c87baadbb7dca92802fd43876e6f5dc74888dac0c1
-
SHA512
5793a59eeddb5fbc3458fb9a2d0a9b29fe299b611ce3d312b2ec78de4e701f095756302703c50c59a8a8c89f4180032e6785f6e503c06ac92eb1cdb10ccc7caa
-
SSDEEP
49152:d8Dv57kLalwmRI0TAfE8TQMRBrgs50zPKvF9UQYCZ3f7t:GRllwzdfnrybK9+QYCv
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-