General
-
Target
50e05ce984ab1a3483e352cdd68dcf7cd45375c7009d4bef1d7cbdf42c886adf
-
Size
2.3MB
-
Sample
240620-htwlmaveph
-
MD5
1ea6db66f1623b1dd825dd5cacdbe736
-
SHA1
b6e69bb5621a9f89661e034dd7efebef9a1b0dba
-
SHA256
50e05ce984ab1a3483e352cdd68dcf7cd45375c7009d4bef1d7cbdf42c886adf
-
SHA512
d12c4a42dd7809640ff3c5a6af7bb420afe28822b65d162707af498e0102d9d47366a7753646266fbc57a2e5c275fa4f50b276d21980228d946f77c2f5f62603
-
SSDEEP
49152:F6tXkFdPD81xrcq9rwh+nDGsLGmvKzcoUqe6owm2x:FRDL8wq9rzDGsLGmq/Uqmm
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
50e05ce984ab1a3483e352cdd68dcf7cd45375c7009d4bef1d7cbdf42c886adf
-
Size
2.3MB
-
MD5
1ea6db66f1623b1dd825dd5cacdbe736
-
SHA1
b6e69bb5621a9f89661e034dd7efebef9a1b0dba
-
SHA256
50e05ce984ab1a3483e352cdd68dcf7cd45375c7009d4bef1d7cbdf42c886adf
-
SHA512
d12c4a42dd7809640ff3c5a6af7bb420afe28822b65d162707af498e0102d9d47366a7753646266fbc57a2e5c275fa4f50b276d21980228d946f77c2f5f62603
-
SSDEEP
49152:F6tXkFdPD81xrcq9rwh+nDGsLGmvKzcoUqe6owm2x:FRDL8wq9rzDGsLGmq/Uqmm
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-