General
-
Target
09cccd1cc59b6ef6106122d1840587853abea927753b6281302cf2a15a843d47
-
Size
2.3MB
-
Sample
240621-k2md2axglm
-
MD5
bbe1a7c9ee2a5377e27c285deb1568e5
-
SHA1
90e8a94cd2cb3244ea6e5722e48f1c40eff42f5f
-
SHA256
09cccd1cc59b6ef6106122d1840587853abea927753b6281302cf2a15a843d47
-
SHA512
83f5d9ce0b6153e9a907e19155c3589e9b7fd2c3aced91acc8eb9d917fcd3fdaff62e842d33982170b494430a95ab4935bd5906f22a85e1c71fa95b348f8dd8f
-
SSDEEP
49152:Pye6CORFlh65LheLbahfY1wiHLQMF4ciUE5lEDfSNR08:PEfR0re4fkMFN5ldHj
Static task
static1
Behavioral task
behavioral1
Sample
09cccd1cc59b6ef6106122d1840587853abea927753b6281302cf2a15a843d47.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-