General

  • Target

    6970deaf5a791b972a83f8cd75d0795c1177cdcfb9bd15eff809fe0a1fcba13c

  • Size

    2.3MB

  • Sample

    240621-2whx4atfph

  • MD5

    e14cf433296b4082c590b54e63e786e3

  • SHA1

    69842f5211b3077a5c6c5acb18ce31a9d69ba716

  • SHA256

    6970deaf5a791b972a83f8cd75d0795c1177cdcfb9bd15eff809fe0a1fcba13c

  • SHA512

    28711c949a9d3672c873b16292ed3c8dbc74ddc142828dd6cf759523b5758bb28e9e370a4ed43425793467d7ba469192d520b15cd82f321cf322fb00962ca6c0

  • SSDEEP

    49152:GkoXvaZUO2q9DX9FoxrnheoBHccXhg39RPXRTwksty8Pq5OSY7Gj:HsvQ2q9DXMrn55kyk8

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • Target

      6970deaf5a791b972a83f8cd75d0795c1177cdcfb9bd15eff809fe0a1fcba13c

    • Size

      2.3MB

    • MD5

      e14cf433296b4082c590b54e63e786e3

    • SHA1

      69842f5211b3077a5c6c5acb18ce31a9d69ba716

    • SHA256

      6970deaf5a791b972a83f8cd75d0795c1177cdcfb9bd15eff809fe0a1fcba13c

    • SHA512

      28711c949a9d3672c873b16292ed3c8dbc74ddc142828dd6cf759523b5758bb28e9e370a4ed43425793467d7ba469192d520b15cd82f321cf322fb00962ca6c0

    • SSDEEP

      49152:GkoXvaZUO2q9DX9FoxrnheoBHccXhg39RPXRTwksty8Pq5OSY7Gj:HsvQ2q9DXMrn55kyk8

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks