General

  • Target: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
  • Size: 2.3MB
  • Sample: 240621-djrgps1bkp
  • MD5: bafbba63c6a5beb14f167e408eac044d
  • SHA1: 99ab2b422709d6000c03f5238ce3d2077c044ff4
  • SHA256: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
  • SHA512: 0ec15c2fbf768d22e8397359f4769e105337ae38867e36869bec001720ed9d0902e358a3ad0c774046e756c497e85fed759bb4024019735af97211a371288aec
  • SSDEEP: 49152:th3x+S9GBMkGAIvufJisbryel6eeKEGNW5EjmClv:th3xeMIs4l6nBGNgEj1

Score: 10/10

Malware Config

Extracted

Family: risepro

C2: 77.91.77.66:58709

Targets

    • Target: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
    • Size: 2.3MB
    • MD5: bafbba63c6a5beb14f167e408eac044d
    • SHA1: 99ab2b422709d6000c03f5238ce3d2077c044ff4
    • SHA256: 75e4cd86253cef4c12d0153a159f87455376ff8264407e62bd8acaad7f981828
    • SHA512: 0ec15c2fbf768d22e8397359f4769e105337ae38867e36869bec001720ed9d0902e358a3ad0c774046e756c497e85fed759bb4024019735af97211a371288aec
    • SSDEEP: 49152:th3x+S9GBMkGAIvufJisbryel6eeKEGNW5EjmClv:th3xeMIs4l6nBGNgEj1

    Score: 10/10

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks