General

  • Target

    6fb03fa828916bd6b9f040cb2d3205a56686610605402a312ff0b218e24196f8

  • Size

    2.4MB

  • Sample

    240621-kyk2ssxfnk

  • MD5

    e55ba3417e31b0254591fc4468d4583a

  • SHA1

    b325e252565c593202bd66185cead5e38e66c491

  • SHA256

    6fb03fa828916bd6b9f040cb2d3205a56686610605402a312ff0b218e24196f8

  • SHA512

    e4533dce449a3fe2e931a4548be0a39cd93fbea18088603544aecab10085958195a57a7f9e4aaaa78217e357bd7827779b46d4bae5363100555eddf94d4de611

  • SSDEEP

    49152:GMhBPnOH89qVTE42P18HW+dQ+E/d/1tk2rghAiZ:nbgi49vdfE/3a2rghAiZ

Score
10/10

Malware Config

Extracted

  • Family

    risepro

  • C2

    77.91.77.66:58709

Targets

    • Target

      6fb03fa828916bd6b9f040cb2d3205a56686610605402a312ff0b218e24196f8

    • Size

      2.4MB

    • MD5

      e55ba3417e31b0254591fc4468d4583a

    • SHA1

      b325e252565c593202bd66185cead5e38e66c491

    • SHA256

      6fb03fa828916bd6b9f040cb2d3205a56686610605402a312ff0b218e24196f8

    • SHA512

      e4533dce449a3fe2e931a4548be0a39cd93fbea18088603544aecab10085958195a57a7f9e4aaaa78217e357bd7827779b46d4bae5363100555eddf94d4de611

    • SSDEEP

      49152:GMhBPnOH89qVTE42P18HW+dQ+E/d/1tk2rghAiZ:nbgi49vdfE/3a2rghAiZ

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks