General
-
Target
fbb443bd2f2c8143ed0b6ef10bef9d73460ace7eac5214ebd4fb9e7c3240e7d1
-
Size
2.3MB
-
Sample
240620-wl9eeazgnb
-
MD5
738f783600a8bff885414d30ffcbc16e
-
SHA1
a7e864c547c02369633c690a93479a28e5c17b0c
-
SHA256
fbb443bd2f2c8143ed0b6ef10bef9d73460ace7eac5214ebd4fb9e7c3240e7d1
-
SHA512
c1777a5cff327c7eb3431d20d581f69a590d9a22c3031c0a9a45e67f75a629362f556ac2a32174233ab502cf2d66c86426a48289dda94c20e6818183b4389b30
-
SSDEEP
49152:BopQEX6pXYhEoLTlf+Eo/93v0bPu09z3P08N282yf9W:BopQFIhE5Eo/9/dk7PJNhNf
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
fbb443bd2f2c8143ed0b6ef10bef9d73460ace7eac5214ebd4fb9e7c3240e7d1
-
Size
2.3MB
-
MD5
738f783600a8bff885414d30ffcbc16e
-
SHA1
a7e864c547c02369633c690a93479a28e5c17b0c
-
SHA256
fbb443bd2f2c8143ed0b6ef10bef9d73460ace7eac5214ebd4fb9e7c3240e7d1
-
SHA512
c1777a5cff327c7eb3431d20d581f69a590d9a22c3031c0a9a45e67f75a629362f556ac2a32174233ab502cf2d66c86426a48289dda94c20e6818183b4389b30
-
SSDEEP
49152:BopQEX6pXYhEoLTlf+Eo/93v0bPu09z3P08N282yf9W:BopQFIhE5Eo/9/dk7PJNhNf
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-