General
-
Target
eabb9c529051c30d18483b6400635ecb9b94181d3b5f1c6ebac8837b4a78c455
-
Size
2.3MB
-
Sample
240620-gmw35sxbjq
-
MD5
6b7d949f90737b1782db27b3d301a29b
-
SHA1
a727504ac183b0e6e05c7e1288d0fd26a239e7e5
-
SHA256
eabb9c529051c30d18483b6400635ecb9b94181d3b5f1c6ebac8837b4a78c455
-
SHA512
43859468f06ad71a482ca2640d746ae61f2c804676c39151afd29512e6fa67507b4e8c2893d5e443b8debe69abc4f42610c42ab56afe569f583a30505a71442f
-
SSDEEP
49152:QZTmc9POCiliv5GkopWyLBKgiNcOQl2AqpfDd7KRkY6P19ZI:Qhp9POvlih/WKdN3QQAqBDxK+Y6P19
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
eabb9c529051c30d18483b6400635ecb9b94181d3b5f1c6ebac8837b4a78c455
-
Size
2.3MB
-
MD5
6b7d949f90737b1782db27b3d301a29b
-
SHA1
a727504ac183b0e6e05c7e1288d0fd26a239e7e5
-
SHA256
eabb9c529051c30d18483b6400635ecb9b94181d3b5f1c6ebac8837b4a78c455
-
SHA512
43859468f06ad71a482ca2640d746ae61f2c804676c39151afd29512e6fa67507b4e8c2893d5e443b8debe69abc4f42610c42ab56afe569f583a30505a71442f
-
SSDEEP
49152:QZTmc9POCiliv5GkopWyLBKgiNcOQl2AqpfDd7KRkY6P19ZI:Qhp9POvlih/WKdN3QQAqBDxK+Y6P19
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-