General
-
Target
aa942fef7cb0d9a7b79c981747ede47103bb0e850de836b16256e2dd843f51bf
-
Size
2.3MB
-
Sample
240620-1qmtesydqg
-
MD5
7cc5537ebb1b4c98244b70767611910a
-
SHA1
d5d96e7499e20fa0e8e0dcce4291d1f3628ffd85
-
SHA256
aa942fef7cb0d9a7b79c981747ede47103bb0e850de836b16256e2dd843f51bf
-
SHA512
df0dbc89c72360506e7d795be7698f1c9c78cb6bf455e292b16ebc9d0d8020cc09291a7beff18111836eae76a9efa8a2476925e4936d2da350b84721ede873ff
-
SSDEEP
49152:gjqjNYWXfFCzT58Pp4CzsSa/L3addmLTDOveOHJmS53N6ISujmLuQ4J3PJ:fYaf8v2R4CzsSa/eddm/DlOQ83N6Pkm8
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
aa942fef7cb0d9a7b79c981747ede47103bb0e850de836b16256e2dd843f51bf
-
Size
2.3MB
-
MD5
7cc5537ebb1b4c98244b70767611910a
-
SHA1
d5d96e7499e20fa0e8e0dcce4291d1f3628ffd85
-
SHA256
aa942fef7cb0d9a7b79c981747ede47103bb0e850de836b16256e2dd843f51bf
-
SHA512
df0dbc89c72360506e7d795be7698f1c9c78cb6bf455e292b16ebc9d0d8020cc09291a7beff18111836eae76a9efa8a2476925e4936d2da350b84721ede873ff
-
SSDEEP
49152:gjqjNYWXfFCzT58Pp4CzsSa/L3addmLTDOveOHJmS53N6ISujmLuQ4J3PJ:fYaf8v2R4CzsSa/eddm/DlOQ83N6Pkm8
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-