General
- Target: b3f339bc8d497e16b9e639cf5f730b2c4b5cf034c5c0432dca5c6fc3913b2759
- Size: 2.3MB
- Sample: 240621-hamvdazdnh
- MD5: 1da7f1736535b272205820e8bb409aca
- SHA1: 3b1d1aded4d0a95526c63cf1c33bd9c4d60405ba
- SHA256: b3f339bc8d497e16b9e639cf5f730b2c4b5cf034c5c0432dca5c6fc3913b2759
- SHA512: 46a3979fe33651ba6abaef7d2c06be21eab4599be9838e3a219c1dd0159aa4cad380834e33324504ebd049122172db532afa2f25a08399f6b797cfd2f287f897
- SSDEEP: 49152:9XVk6xNPKA+gOw4FGxJshwtovs6LaA339/tlkj9qCZgt6knS:9X2esw4FGxY4MLt39/bkinS
Static task: static1
Behavioral task: behavioral1
- Sample: b3f339bc8d497e16b9e639cf5f730b2c4b5cf034c5c0432dca5c6fc3913b2759.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- risepro
- 77.91.77.66:58709
Targets
- Target: b3f339bc8d497e16b9e639cf5f730b2c4b5cf034c5c0432dca5c6fc3913b2759
- Size: 2.3MB
- MD5: 1da7f1736535b272205820e8bb409aca
- SHA1: 3b1d1aded4d0a95526c63cf1c33bd9c4d60405ba
- SHA256: b3f339bc8d497e16b9e639cf5f730b2c4b5cf034c5c0432dca5c6fc3913b2759
- SHA512: 46a3979fe33651ba6abaef7d2c06be21eab4599be9838e3a219c1dd0159aa4cad380834e33324504ebd049122172db532afa2f25a08399f6b797cfd2f287f897
- SSDEEP: 49152:9XVk6xNPKA+gOw4FGxJshwtovs6LaA339/tlkj9qCZgt6knS:9X2esw4FGxY4MLt39/bkinS
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger