General
-
Target
32c80831029de1be9c3f23027703e9a0a674a50bcf7d35d8ad074b1eaac4dca9
-
Size
2.3MB
-
Sample
240620-2t2x7a1fjb
-
MD5
a39373bdf1cf3af85e466d678c82db47
-
SHA1
97e2512f7e1a606e1d7652bd6756f6c4ad5b2152
-
SHA256
32c80831029de1be9c3f23027703e9a0a674a50bcf7d35d8ad074b1eaac4dca9
-
SHA512
7ca9617835186390e56e0562ffeb55546ab68d0129ece6ca31a4722249940e71cbd8710719c1601ab3bd3cd1bfcefd93944a791ed34eeeccf1a07f9da9c5682f
-
SSDEEP
24576:JHC6VHCNyo0ujHP8fOu77oPjfnf9w37fYveAwpH8wkA6hMQJjCF1EdSRbC8Pfb7u:JENFs77oPjPf9IrVpH87tajbFhfDP
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
32c80831029de1be9c3f23027703e9a0a674a50bcf7d35d8ad074b1eaac4dca9
-
Size
2.3MB
-
MD5
a39373bdf1cf3af85e466d678c82db47
-
SHA1
97e2512f7e1a606e1d7652bd6756f6c4ad5b2152
-
SHA256
32c80831029de1be9c3f23027703e9a0a674a50bcf7d35d8ad074b1eaac4dca9
-
SHA512
7ca9617835186390e56e0562ffeb55546ab68d0129ece6ca31a4722249940e71cbd8710719c1601ab3bd3cd1bfcefd93944a791ed34eeeccf1a07f9da9c5682f
-
SSDEEP
24576:JHC6VHCNyo0ujHP8fOu77oPjfnf9w37fYveAwpH8wkA6hMQJjCF1EdSRbC8Pfb7u:JENFs77oPjPf9IrVpH87tajbFhfDP
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-