General
-
Target
7645d96448ad74f94966d5997b8d7a22df32bf9ed02d940bcbe7f587f9de58a5
-
Size
2.3MB
-
Sample
240620-vdqfwssbnm
-
MD5
3cf2e2014bc046f57224f0cec0f00157
-
SHA1
ff26cb5f082db8d782e72402baed3f5af7c4c23f
-
SHA256
7645d96448ad74f94966d5997b8d7a22df32bf9ed02d940bcbe7f587f9de58a5
-
SHA512
66fa009e6a55f1f9c85ca9c4e20630971e13d0285a1804c6f51fe734d9b93583a82f615e97f6769ec87dd2026785ad89907eccd751136a11fcae079d8f7b6f6a
-
SSDEEP
49152:Bd+o15Q2iCGeJXQUC2f8vZSK/A3Wyx13MzKDE76NqP:fhiEXQj2AhA3tMeDE+UP
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
7645d96448ad74f94966d5997b8d7a22df32bf9ed02d940bcbe7f587f9de58a5
-
Size
2.3MB
-
MD5
3cf2e2014bc046f57224f0cec0f00157
-
SHA1
ff26cb5f082db8d782e72402baed3f5af7c4c23f
-
SHA256
7645d96448ad74f94966d5997b8d7a22df32bf9ed02d940bcbe7f587f9de58a5
-
SHA512
66fa009e6a55f1f9c85ca9c4e20630971e13d0285a1804c6f51fe734d9b93583a82f615e97f6769ec87dd2026785ad89907eccd751136a11fcae079d8f7b6f6a
-
SSDEEP
49152:Bd+o15Q2iCGeJXQUC2f8vZSK/A3Wyx13MzKDE76NqP:fhiEXQj2AhA3tMeDE+UP
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-